Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2015-7853 (GCVE-0-2015-7853)
Vulnerability from cvelistv5
- n/a
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:59:00.511Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.ntp.org/bin/view/Main/NtpBug2920" }, { "name": "SUSE-SU-2016:1912", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html" }, { "name": "USN-2783-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2783-1" }, { "name": "SUSE-SU-2016:1247", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html" }, { "name": "1033951", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1033951" }, { "name": "SUSE-SU-2016:1311", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274262" }, { "name": "SUSE-SU-2016:2094", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html" }, { "name": "77273", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/77273" }, { "name": "openSUSE-SU-2016:1423", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html" }, { "name": "GLSA-201607-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201607-15" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20171004-0001/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/134082/FreeBSD-Security-Advisory-ntp-Authentication-Bypass.html" }, { "name": "20151021 Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bto.bluecoat.com/security-advisory/sa103" }, { "name": "20151104 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp [REVISED]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/536833/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.talosintel.com/vulnerability-reports/" }, { "name": "openSUSE-SU-2015:2016", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html" }, { "name": "20151104 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp [REVISED]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/archive/1/536833/100/100/threaded" }, { "name": "20151026 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/536760/100/0/threaded" }, { "name": "20151026 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/archive/1/536760/100/100/threaded" }, { "name": "20151029 [slackware-security] ntp (SSA:2015-302-03)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/536796/100/0/threaded" }, { "name": "20151029 [slackware-security] ntp (SSA:2015-302-03)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/archive/1/536796/100/100/threaded" }, { "name": "20151022 Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/536737/100/0/threaded" }, { "name": "20151022 Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/archive/1/536737/100/100/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-10-21T00:00:00", "descriptions": [ { "lang": "en", "value": "The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-16T12:08:50", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.ntp.org/bin/view/Main/NtpBug2920" }, { "name": "SUSE-SU-2016:1912", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html" }, { "name": "USN-2783-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2783-1" }, { "name": "SUSE-SU-2016:1247", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html" }, { "name": "1033951", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1033951" }, { "name": "SUSE-SU-2016:1311", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274262" }, { "name": "SUSE-SU-2016:2094", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html" }, { "name": "77273", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/77273" }, { "name": "openSUSE-SU-2016:1423", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html" }, { "name": "GLSA-201607-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201607-15" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20171004-0001/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/134082/FreeBSD-Security-Advisory-ntp-Authentication-Bypass.html" }, { "name": "20151021 Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bto.bluecoat.com/security-advisory/sa103" }, { "name": "20151104 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp [REVISED]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/536833/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.talosintel.com/vulnerability-reports/" }, { "name": "openSUSE-SU-2015:2016", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html" }, { "name": "20151104 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp [REVISED]", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/archive/1/536833/100/100/threaded" }, { "name": "20151026 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/536760/100/0/threaded" }, { "name": "20151026 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/archive/1/536760/100/100/threaded" }, { "name": "20151029 [slackware-security] ntp (SSA:2015-302-03)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/536796/100/0/threaded" }, { "name": "20151029 [slackware-security] ntp (SSA:2015-302-03)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/archive/1/536796/100/100/threaded" }, { "name": "20151022 Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/536737/100/0/threaded" }, { "name": "20151022 Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/archive/1/536737/100/100/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7853", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://support.ntp.org/bin/view/Main/NtpBug2920", "refsource": "CONFIRM", "url": "http://support.ntp.org/bin/view/Main/NtpBug2920" }, { "name": "SUSE-SU-2016:1912", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html" }, { "name": "USN-2783-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2783-1" }, { "name": "SUSE-SU-2016:1247", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html" }, { "name": "1033951", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033951" }, { "name": "SUSE-SU-2016:1311", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1274262", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274262" }, { "name": "SUSE-SU-2016:2094", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html" }, { "name": "77273", "refsource": "BID", "url": "http://www.securityfocus.com/bid/77273" }, { "name": "openSUSE-SU-2016:1423", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html" }, { "name": "GLSA-201607-15", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201607-15" }, { "name": "https://security.netapp.com/advisory/ntap-20171004-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20171004-0001/" }, { "name": "http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html" }, { "name": "http://packetstormsecurity.com/files/134082/FreeBSD-Security-Advisory-ntp-Authentication-Bypass.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/134082/FreeBSD-Security-Advisory-ntp-Authentication-Bypass.html" }, { "name": "20151021 Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp" }, { "name": "https://bto.bluecoat.com/security-advisory/sa103", "refsource": "CONFIRM", "url": "https://bto.bluecoat.com/security-advisory/sa103" }, { "name": "20151104 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp [REVISED]", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/536833/100/0/threaded" }, { "name": "http://www.talosintel.com/vulnerability-reports/", "refsource": "MISC", "url": "http://www.talosintel.com/vulnerability-reports/" }, { "name": "openSUSE-SU-2015:2016", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html" }, { "name": "20151104 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp [REVISED]", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/archive/1/536833/100/100/threaded" }, { "name": "20151026 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/536760/100/0/threaded" }, { "name": "20151026 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/archive/1/536760/100/100/threaded" }, { "name": "20151029 [slackware-security] ntp (SSA:2015-302-03)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/536796/100/0/threaded" }, { "name": "20151029 [slackware-security] ntp (SSA:2015-302-03)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/archive/1/536796/100/100/threaded" }, { "name": "20151022 Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/536737/100/0/threaded" }, { "name": "20151022 Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/archive/1/536737/100/100/threaded" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf" }, { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-7853", "datePublished": "2017-08-07T20:00:00", "dateReserved": "2015-10-16T00:00:00", "dateUpdated": "2024-08-06T07:59:00.511Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2015-7853\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-08-07T20:29:00.887\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.\"},{\"lang\":\"es\",\"value\":\"El par\u00e1metro datalen en el driver reflock en NTP 4.2.x en versiones anteriores a la 4.2.8p4, y 4.3.x en versiones anteriores a la 4.3.77 permite que atacantes remotos ejecuten c\u00f3digo arbitrario o provoquen una denegaci\u00f3n de servicio utilizando un valor de entrada negativo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.2.0\",\"versionEndExcluding\":\"4.2.8\",\"matchCriteriaId\":\"C240BAAB-8C12-4501-9DC6-FB877304E908\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.3.0\",\"versionEndExcluding\":\"4.3.77\",\"matchCriteriaId\":\"79494F07-6081-497D-8A2D-B05486599EAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEA51D83-5841-4335-AF07-7A43C118CAAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"49ADE0C3-F75C-4EC0-8805-56013F0EB92C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8FF625A-EFA3-43D1-8698-4A37AE31A07C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3B99BBD-97FE-4615-905A-A614592226F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7A9AD3A-F030-4331-B52A-518BD963AB8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*\",\"matchCriteriaId\":\"C293B8BE-6691-4944-BCD6-25EB98CABC73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEA650F8-2576-494A-A861-61572CA319D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4ED21EE8-7CBF-4BC5-BFC3-185D41296238\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C76A0B44-13DE-4173-8D05-DA54F6A71759\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1450241C-2F6D-4122-B33C-D78D065BA403\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"721AFD22-91D3-488E-A5E6-DD84C86E412B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"41E44E9F-6383-4E12-AEDC-B653FEA77A48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"466D9A37-2658-4695-9429-0C6BF4A631C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"99774181-5F12-446C-AC2C-DB1C52295EED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"212E1878-1B9A-4CB4-A1CE-EAD60B867161\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*\",\"matchCriteriaId\":\"95B173E0-1475-4F8D-A982-86F36BE3DD4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FED6CAE-D97F-49E0-9D00-1642A3A427B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*\",\"matchCriteriaId\":\"392A1364-2739-450D-9E19-DFF93081C2C6\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://packetstormsecurity.com/files/134082/FreeBSD-Security-Advisory-ntp-Authentication-Bypass.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.ntp.org/bin/view/Main/NtpBug2920\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/536737/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/536760/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/536796/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/536833/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/archive/1/536737/100/100/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/archive/1/536760/100/100/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/archive/1/536796/100/100/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/archive/1/536833/100/100/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/77273\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1033951\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.talosintel.com/vulnerability-reports/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2783-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bto.bluecoat.com/security-advisory/sa103\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1274262\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/201607-15\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20171004-0001/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://packetstormsecurity.com/files/134082/FreeBSD-Security-Advisory-ntp-Authentication-Bypass.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.ntp.org/bin/view/Main/NtpBug2920\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/536737/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/536760/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/536796/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/536833/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/archive/1/536737/100/100/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/archive/1/536760/100/100/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/archive/1/536796/100/100/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/archive/1/536833/100/100/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/77273\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1033951\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.talosintel.com/vulnerability-reports/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2783-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bto.bluecoat.com/security-advisory/sa103\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1274262\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201607-15\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20171004-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
fkie_cve-2015-7853
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
ntp | ntp | * | |
ntp | ntp | * | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
ntp | ntp | 4.2.8 | |
netapp | oncommand_balance | - | |
netapp | oncommand_performance_manager | - | |
netapp | oncommand_unified_manager | - | |
netapp | clustered_data_ontap | - | |
netapp | data_ontap | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "matchCriteriaId": "C240BAAB-8C12-4501-9DC6-FB877304E908", "versionEndExcluding": "4.2.8", "versionStartIncluding": "4.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "matchCriteriaId": "79494F07-6081-497D-8A2D-B05486599EAE", "versionEndExcluding": "4.3.77", "versionStartIncluding": "4.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*", "matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*", "matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*", "matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*", "matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*", "matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*", "matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*", "matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*", "matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*", "matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*", "matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*", "matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*", "matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*", "matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*", "matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*", "matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*", "matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED", "vulnerable": true }, { "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*", "matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "212E1878-1B9A-4CB4-A1CE-EAD60B867161", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*", "matchCriteriaId": "95B173E0-1475-4F8D-A982-86F36BE3DD4A", "vulnerable": true }, { "criteria": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FED6CAE-D97F-49E0-9D00-1642A3A427B4", "vulnerable": true }, { "criteria": "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*", "matchCriteriaId": "392A1364-2739-450D-9E19-DFF93081C2C6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value." }, { "lang": "es", "value": "El par\u00e1metro datalen en el driver reflock en NTP 4.2.x en versiones anteriores a la 4.2.8p4, y 4.3.x en versiones anteriores a la 4.3.77 permite que atacantes remotos ejecuten c\u00f3digo arbitrario o provoquen una denegaci\u00f3n de servicio utilizando un valor de entrada negativo." } ], "id": "CVE-2015-7853", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-07T20:29:00.887", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html" }, { "source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/134082/FreeBSD-Security-Advisory-ntp-Authentication-Bypass.html" }, { "source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://support.ntp.org/bin/view/Main/NtpBug2920" }, { "source": "cve@mitre.org", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/536737/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/536760/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/536796/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/536833/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/archive/1/536737/100/100/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/archive/1/536760/100/100/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/archive/1/536796/100/100/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/archive/1/536833/100/100/threaded" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/77273" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033951" }, { "source": "cve@mitre.org", "url": "http://www.talosintel.com/vulnerability-reports/" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2783-1" }, { "source": "cve@mitre.org", "url": "https://bto.bluecoat.com/security-advisory/sa103" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274262" }, { "source": "cve@mitre.org", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://security.gentoo.org/glsa/201607-15" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171004-0001/" }, { "source": "cve@mitre.org", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/134082/FreeBSD-Security-Advisory-ntp-Authentication-Bypass.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://support.ntp.org/bin/view/Main/NtpBug2920" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/536737/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/536760/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/536796/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/536833/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/archive/1/536737/100/100/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/archive/1/536760/100/100/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/archive/1/536796/100/100/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/archive/1/536833/100/100/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/77273" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033951" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.talosintel.com/vulnerability-reports/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2783-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bto.bluecoat.com/security-advisory/sa103" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274262" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://security.gentoo.org/glsa/201607-15" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171004-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cnvd-2015-07180
Vulnerability from cnvd
Title: NTP本地缓冲区溢出漏洞
Description:
NTP是一种以数据包交换把两台电脑的时钟同步化的网络协议。
NTP程序运行自定义的refclock驱动程序时,未能检查‘datalen’参数是否为负值,允许本地攻击者可利用漏洞进行拒绝服务攻击。
Severity: 中
Patch Name: NTP本地缓冲区溢出漏洞的补丁
Patch Description:
NTP是一种以数据包交换把两台电脑的时钟同步化的网络协议。
NTP程序运行自定义的refclock驱动程序时,未能检查‘datalen’参数是否为负值,允许本地攻击者利用漏洞进行拒绝服务攻击。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
用户可参考如下厂商提供的安全补丁以修复该漏洞: http://support.ntp.org/bin/view/Main/NtpBug2920
Reference: http://support.ntp.org/bin/view/Main/NtpBug2920
Name | ['Ntp Ntp <4.2.8p4', 'Ntp Ntp 4.3.x(<4.3.77)'] |
---|
{ "cves": { "cve": { "cveNumber": "CVE-2015-7853" } }, "description": "NTP\u662f\u4e00\u79cd\u4ee5\u6570\u636e\u5305\u4ea4\u6362\u628a\u4e24\u53f0\u7535\u8111\u7684\u65f6\u949f\u540c\u6b65\u5316\u7684\u7f51\u7edc\u534f\u8bae\u3002\r\n\r\nNTP\u7a0b\u5e8f\u8fd0\u884c\u81ea\u5b9a\u4e49\u7684refclock\u9a71\u52a8\u7a0b\u5e8f\u65f6\uff0c\u672a\u80fd\u68c0\u67e5\u2018datalen\u2019\u53c2\u6570\u662f\u5426\u4e3a\u8d1f\u503c\uff0c\u5141\u8bb8\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002", "discovererName": "Yves Younan of Cisco Talos", "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://support.ntp.org/bin/view/Main/NtpBug2920", "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e", "number": "CNVD-2015-07180", "openTime": "2015-11-03", "patchDescription": "NTP\u662f\u4e00\u79cd\u4ee5\u6570\u636e\u5305\u4ea4\u6362\u628a\u4e24\u53f0\u7535\u8111\u7684\u65f6\u949f\u540c\u6b65\u5316\u7684\u7f51\u7edc\u534f\u8bae\u3002\r\n\r\nNTP\u7a0b\u5e8f\u8fd0\u884c\u81ea\u5b9a\u4e49\u7684refclock\u9a71\u52a8\u7a0b\u5e8f\u65f6\uff0c\u672a\u80fd\u68c0\u67e5\u2018datalen\u2019\u53c2\u6570\u662f\u5426\u4e3a\u8d1f\u503c\uff0c\u5141\u8bb8\u672c\u5730\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002", "patchName": "NTP\u672c\u5730\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01", "products": { "product": [ "Ntp Ntp \u003c4.2.8p4", "Ntp Ntp 4.3.x(\u003c4.3.77)" ] }, "referenceLink": "http://support.ntp.org/bin/view/Main/NtpBug2920", "serverity": "\u4e2d", "submitTime": "2015-11-01", "title": "NTP\u672c\u5730\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e" }
opensuse-su-2024:10181-1
Vulnerability from csaf_opensuse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "ntp-4.2.8p9-1.1 on GA media", "title": "Title of the patch" }, { "category": "description", "text": "These are all security issues fixed in the ntp-4.2.8p9-1.1 package on the GA media of openSUSE Tumbleweed.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-Tumbleweed-2024-10181", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10181-1.json" }, { "category": "self", "summary": "SUSE CVE CVE-2009-0159 page", "url": "https://www.suse.com/security/cve/CVE-2009-0159/" }, { "category": "self", "summary": "SUSE CVE CVE-2009-1252 page", "url": "https://www.suse.com/security/cve/CVE-2009-1252/" }, { "category": "self", "summary": "SUSE CVE CVE-2013-5211 page", "url": "https://www.suse.com/security/cve/CVE-2013-5211/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9293 page", "url": "https://www.suse.com/security/cve/CVE-2014-9293/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9294 page", "url": "https://www.suse.com/security/cve/CVE-2014-9294/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9295 page", "url": "https://www.suse.com/security/cve/CVE-2014-9295/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9296 page", "url": "https://www.suse.com/security/cve/CVE-2014-9296/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9297 page", "url": "https://www.suse.com/security/cve/CVE-2014-9297/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9298 page", "url": "https://www.suse.com/security/cve/CVE-2014-9298/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-1798 page", "url": "https://www.suse.com/security/cve/CVE-2015-1798/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-1799 page", "url": "https://www.suse.com/security/cve/CVE-2015-1799/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-5300 page", "url": "https://www.suse.com/security/cve/CVE-2015-5300/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7691 page", "url": "https://www.suse.com/security/cve/CVE-2015-7691/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7692 page", "url": "https://www.suse.com/security/cve/CVE-2015-7692/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7701 page", "url": "https://www.suse.com/security/cve/CVE-2015-7701/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7702 page", "url": "https://www.suse.com/security/cve/CVE-2015-7702/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7703 page", "url": "https://www.suse.com/security/cve/CVE-2015-7703/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7704 page", "url": "https://www.suse.com/security/cve/CVE-2015-7704/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7705 page", "url": "https://www.suse.com/security/cve/CVE-2015-7705/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7848 page", "url": "https://www.suse.com/security/cve/CVE-2015-7848/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7849 page", "url": "https://www.suse.com/security/cve/CVE-2015-7849/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7850 page", "url": "https://www.suse.com/security/cve/CVE-2015-7850/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7851 page", "url": "https://www.suse.com/security/cve/CVE-2015-7851/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7852 page", "url": "https://www.suse.com/security/cve/CVE-2015-7852/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7853 page", "url": "https://www.suse.com/security/cve/CVE-2015-7853/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7854 page", "url": "https://www.suse.com/security/cve/CVE-2015-7854/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7855 page", "url": "https://www.suse.com/security/cve/CVE-2015-7855/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7871 page", "url": "https://www.suse.com/security/cve/CVE-2015-7871/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7973 page", "url": "https://www.suse.com/security/cve/CVE-2015-7973/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7974 page", "url": "https://www.suse.com/security/cve/CVE-2015-7974/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7975 page", "url": "https://www.suse.com/security/cve/CVE-2015-7975/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7976 page", "url": "https://www.suse.com/security/cve/CVE-2015-7976/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7977 page", "url": "https://www.suse.com/security/cve/CVE-2015-7977/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7978 page", "url": "https://www.suse.com/security/cve/CVE-2015-7978/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7979 page", "url": "https://www.suse.com/security/cve/CVE-2015-7979/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-8138 page", "url": "https://www.suse.com/security/cve/CVE-2015-8138/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-8158 page", "url": "https://www.suse.com/security/cve/CVE-2015-8158/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1547 page", "url": "https://www.suse.com/security/cve/CVE-2016-1547/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1548 page", "url": "https://www.suse.com/security/cve/CVE-2016-1548/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1549 page", "url": "https://www.suse.com/security/cve/CVE-2016-1549/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1550 page", "url": "https://www.suse.com/security/cve/CVE-2016-1550/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1551 page", "url": "https://www.suse.com/security/cve/CVE-2016-1551/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-2516 page", "url": "https://www.suse.com/security/cve/CVE-2016-2516/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-2517 page", "url": "https://www.suse.com/security/cve/CVE-2016-2517/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-2518 page", "url": "https://www.suse.com/security/cve/CVE-2016-2518/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-2519 page", "url": "https://www.suse.com/security/cve/CVE-2016-2519/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-4953 page", "url": "https://www.suse.com/security/cve/CVE-2016-4953/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-4954 page", "url": "https://www.suse.com/security/cve/CVE-2016-4954/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-4955 page", "url": "https://www.suse.com/security/cve/CVE-2016-4955/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-4956 page", "url": "https://www.suse.com/security/cve/CVE-2016-4956/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-4957 page", "url": "https://www.suse.com/security/cve/CVE-2016-4957/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-7426 page", "url": "https://www.suse.com/security/cve/CVE-2016-7426/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-7427 page", "url": "https://www.suse.com/security/cve/CVE-2016-7427/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-7428 page", "url": "https://www.suse.com/security/cve/CVE-2016-7428/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-7429 page", "url": "https://www.suse.com/security/cve/CVE-2016-7429/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-7431 page", "url": "https://www.suse.com/security/cve/CVE-2016-7431/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-7433 page", "url": "https://www.suse.com/security/cve/CVE-2016-7433/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-7434 page", "url": "https://www.suse.com/security/cve/CVE-2016-7434/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-9310 page", "url": "https://www.suse.com/security/cve/CVE-2016-9310/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-9311 page", "url": "https://www.suse.com/security/cve/CVE-2016-9311/" } ], "title": "ntp-4.2.8p9-1.1 on GA media", "tracking": { "current_release_date": "2024-06-15T00:00:00Z", "generator": { "date": "2024-06-15T00:00:00Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2024:10181-1", "initial_release_date": "2024-06-15T00:00:00Z", "revision_history": [ { "date": "2024-06-15T00:00:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p9-1.1.aarch64", "product": { "name": "ntp-4.2.8p9-1.1.aarch64", "product_id": "ntp-4.2.8p9-1.1.aarch64" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p9-1.1.aarch64", "product": { "name": "ntp-doc-4.2.8p9-1.1.aarch64", "product_id": "ntp-doc-4.2.8p9-1.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p9-1.1.ppc64le", "product": { "name": "ntp-4.2.8p9-1.1.ppc64le", "product_id": "ntp-4.2.8p9-1.1.ppc64le" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p9-1.1.ppc64le", "product": { "name": "ntp-doc-4.2.8p9-1.1.ppc64le", "product_id": "ntp-doc-4.2.8p9-1.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p9-1.1.s390x", "product": { "name": "ntp-4.2.8p9-1.1.s390x", "product_id": "ntp-4.2.8p9-1.1.s390x" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p9-1.1.s390x", "product": { "name": "ntp-doc-4.2.8p9-1.1.s390x", "product_id": "ntp-doc-4.2.8p9-1.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p9-1.1.x86_64", "product": { "name": "ntp-4.2.8p9-1.1.x86_64", "product_id": "ntp-4.2.8p9-1.1.x86_64" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p9-1.1.x86_64", "product": { "name": "ntp-doc-4.2.8p9-1.1.x86_64", "product_id": "ntp-doc-4.2.8p9-1.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Tumbleweed", "product": { "name": "openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed", "product_identification_helper": { "cpe": "cpe:/o:opensuse:tumbleweed" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p9-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64" }, "product_reference": "ntp-4.2.8p9-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p9-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le" }, "product_reference": "ntp-4.2.8p9-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p9-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x" }, "product_reference": "ntp-4.2.8p9-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p9-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64" }, "product_reference": "ntp-4.2.8p9-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p9-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64" }, "product_reference": "ntp-doc-4.2.8p9-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p9-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le" }, "product_reference": "ntp-doc-4.2.8p9-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p9-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x" }, "product_reference": "ntp-doc-4.2.8p9-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p9-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p9-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-0159", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2009-0159" } ], "notes": [ { "category": "general", "text": "Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2009-0159", "url": "https://www.suse.com/security/cve/CVE-2009-0159" }, { "category": "external", "summary": "SUSE Bug 484653 for CVE-2009-0159", "url": "https://bugzilla.suse.com/484653" }, { "category": "external", "summary": "SUSE Bug 501632 for CVE-2009-0159", "url": "https://bugzilla.suse.com/501632" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2009-0159" }, { "cve": "CVE-2009-1252", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2009-1252" } ], "notes": [ { "category": "general", "text": "Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2009-1252", "url": "https://www.suse.com/security/cve/CVE-2009-1252" }, { "category": "external", "summary": "SUSE Bug 501632 for CVE-2009-1252", "url": "https://bugzilla.suse.com/501632" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2009-1252" }, { "cve": "CVE-2013-5211", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2013-5211" } ], "notes": [ { "category": "general", "text": "The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2013-5211", "url": "https://www.suse.com/security/cve/CVE-2013-5211" }, { "category": "external", "summary": "SUSE Bug 857195 for CVE-2013-5211", "url": "https://bugzilla.suse.com/857195" }, { "category": "external", "summary": "SUSE Bug 889447 for CVE-2013-5211", "url": "https://bugzilla.suse.com/889447" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2013-5211", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2013-5211" }, { "cve": "CVE-2014-9293", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9293" } ], "notes": [ { "category": "general", "text": "The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9293", "url": "https://www.suse.com/security/cve/CVE-2014-9293" }, { "category": "external", "summary": "SUSE Bug 910764 for CVE-2014-9293", "url": "https://bugzilla.suse.com/910764" }, { "category": "external", "summary": "SUSE Bug 911053 for CVE-2014-9293", "url": "https://bugzilla.suse.com/911053" }, { "category": "external", "summary": "SUSE Bug 911792 for CVE-2014-9293", "url": "https://bugzilla.suse.com/911792" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2014-9293", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2014-9293" }, { "cve": "CVE-2014-9294", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9294" } ], "notes": [ { "category": "general", "text": "util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9294", "url": "https://www.suse.com/security/cve/CVE-2014-9294" }, { "category": "external", "summary": "SUSE Bug 910764 for CVE-2014-9294", "url": "https://bugzilla.suse.com/910764" }, { "category": "external", "summary": "SUSE Bug 911053 for CVE-2014-9294", "url": "https://bugzilla.suse.com/911053" }, { "category": "external", "summary": "SUSE Bug 911792 for CVE-2014-9294", "url": "https://bugzilla.suse.com/911792" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2014-9294", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2014-9294" }, { "cve": "CVE-2014-9295", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9295" } ], "notes": [ { "category": "general", "text": "Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9295", "url": "https://www.suse.com/security/cve/CVE-2014-9295" }, { "category": "external", "summary": "SUSE Bug 910764 for CVE-2014-9295", "url": "https://bugzilla.suse.com/910764" }, { "category": "external", "summary": "SUSE Bug 911053 for CVE-2014-9295", "url": "https://bugzilla.suse.com/911053" }, { "category": "external", "summary": "SUSE Bug 911792 for CVE-2014-9295", "url": "https://bugzilla.suse.com/911792" }, { "category": "external", "summary": "SUSE Bug 916239 for CVE-2014-9295", "url": "https://bugzilla.suse.com/916239" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2014-9295", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2014-9295" }, { "cve": "CVE-2014-9296", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9296" } ], "notes": [ { "category": "general", "text": "The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9296", "url": "https://www.suse.com/security/cve/CVE-2014-9296" }, { "category": "external", "summary": "SUSE Bug 910764 for CVE-2014-9296", "url": "https://bugzilla.suse.com/910764" }, { "category": "external", "summary": "SUSE Bug 911053 for CVE-2014-9296", "url": "https://bugzilla.suse.com/911053" }, { "category": "external", "summary": "SUSE Bug 911792 for CVE-2014-9296", "url": "https://bugzilla.suse.com/911792" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2014-9296", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2014-9296", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2014-9296" }, { "cve": "CVE-2014-9297", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9297" } ], "notes": [ { "category": "general", "text": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9297", "url": "https://www.suse.com/security/cve/CVE-2014-9297" }, { "category": "external", "summary": "SUSE Bug 911792 for CVE-2014-9297", "url": "https://bugzilla.suse.com/911792" }, { "category": "external", "summary": "SUSE Bug 948963 for CVE-2014-9297", "url": "https://bugzilla.suse.com/948963" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2014-9297", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2014-9297" }, { "cve": "CVE-2014-9298", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9298" } ], "notes": [ { "category": "general", "text": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9298", "url": "https://www.suse.com/security/cve/CVE-2014-9298" }, { "category": "external", "summary": "SUSE Bug 911792 for CVE-2014-9298", "url": "https://bugzilla.suse.com/911792" }, { "category": "external", "summary": "SUSE Bug 948963 for CVE-2014-9298", "url": "https://bugzilla.suse.com/948963" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2014-9298", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2014-9298" }, { "cve": "CVE-2015-1798", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-1798" } ], "notes": [ { "category": "general", "text": "The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-1798", "url": "https://www.suse.com/security/cve/CVE-2015-1798" }, { "category": "external", "summary": "SUSE Bug 924202 for CVE-2015-1798", "url": "https://bugzilla.suse.com/924202" }, { "category": "external", "summary": "SUSE Bug 927497 for CVE-2015-1798", "url": "https://bugzilla.suse.com/927497" }, { "category": "external", "summary": "SUSE Bug 928321 for CVE-2015-1798", "url": "https://bugzilla.suse.com/928321" }, { "category": "external", "summary": "SUSE Bug 936327 for CVE-2015-1798", "url": "https://bugzilla.suse.com/936327" }, { "category": "external", "summary": "SUSE Bug 957163 for CVE-2015-1798", "url": "https://bugzilla.suse.com/957163" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2015-1798" }, { "cve": "CVE-2015-1799", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-1799" } ], "notes": [ { "category": "general", "text": "The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-1799", "url": "https://www.suse.com/security/cve/CVE-2015-1799" }, { "category": "external", "summary": "SUSE Bug 924202 for CVE-2015-1799", "url": "https://bugzilla.suse.com/924202" }, { "category": "external", "summary": "SUSE Bug 927497 for CVE-2015-1799", "url": "https://bugzilla.suse.com/927497" }, { "category": "external", "summary": "SUSE Bug 928321 for CVE-2015-1799", "url": "https://bugzilla.suse.com/928321" }, { "category": "external", "summary": "SUSE Bug 936327 for CVE-2015-1799", "url": "https://bugzilla.suse.com/936327" }, { "category": "external", "summary": "SUSE Bug 943565 for CVE-2015-1799", "url": "https://bugzilla.suse.com/943565" }, { "category": "external", "summary": "SUSE Bug 957163 for CVE-2015-1799", "url": "https://bugzilla.suse.com/957163" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-1799", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962624 for CVE-2015-1799", "url": "https://bugzilla.suse.com/962624" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2015-1799" }, { "cve": "CVE-2015-5300", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-5300" } ], "notes": [ { "category": "general", "text": "The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-5300", "url": "https://www.suse.com/security/cve/CVE-2015-5300" }, { "category": "external", "summary": "SUSE Bug 951629 for CVE-2015-5300", "url": "https://bugzilla.suse.com/951629" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-5300", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962624 for CVE-2015-5300", "url": "https://bugzilla.suse.com/962624" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-5300" }, { "cve": "CVE-2015-7691", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7691" } ], "notes": [ { "category": "general", "text": "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7691", "url": "https://www.suse.com/security/cve/CVE-2015-7691" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7691", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 911792 for CVE-2015-7691", "url": "https://bugzilla.suse.com/911792" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7691", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7691", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7691", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2015-7691" }, { "cve": "CVE-2015-7692", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7692" } ], "notes": [ { "category": "general", "text": "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7692", "url": "https://www.suse.com/security/cve/CVE-2015-7692" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7692", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 911792 for CVE-2015-7692", "url": "https://bugzilla.suse.com/911792" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7692", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7692", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7692", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2015-7692" }, { "cve": "CVE-2015-7701", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7701" } ], "notes": [ { "category": "general", "text": "Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7701", "url": "https://www.suse.com/security/cve/CVE-2015-7701" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7701", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7701", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7701", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7701", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2015-7701" }, { "cve": "CVE-2015-7702", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7702" } ], "notes": [ { "category": "general", "text": "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7702", "url": "https://www.suse.com/security/cve/CVE-2015-7702" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7702", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 911792 for CVE-2015-7702", "url": "https://bugzilla.suse.com/911792" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7702", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7702", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7702", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2015-7702" }, { "cve": "CVE-2015-7703", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7703" } ], "notes": [ { "category": "general", "text": "The \"pidfile\" or \"driftfile\" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7703", "url": "https://www.suse.com/security/cve/CVE-2015-7703" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7703", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 943216 for CVE-2015-7703", "url": "https://bugzilla.suse.com/943216" }, { "category": "external", "summary": "SUSE Bug 943218 for CVE-2015-7703", "url": "https://bugzilla.suse.com/943218" }, { "category": "external", "summary": "SUSE Bug 943219 for CVE-2015-7703", "url": "https://bugzilla.suse.com/943219" }, { "category": "external", "summary": "SUSE Bug 943221 for CVE-2015-7703", "url": "https://bugzilla.suse.com/943221" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7703", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7703", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-7703" }, { "cve": "CVE-2015-7704", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7704" } ], "notes": [ { "category": "general", "text": "The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted \"KOD\" messages.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7704", "url": "https://www.suse.com/security/cve/CVE-2015-7704" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7704", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7704", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 952611 for CVE-2015-7704", "url": "https://bugzilla.suse.com/952611" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7704", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2015-7704", "url": "https://bugzilla.suse.com/977446" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2015-7704" }, { "cve": "CVE-2015-7705", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7705" } ], "notes": [ { "category": "general", "text": "The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7705", "url": "https://www.suse.com/security/cve/CVE-2015-7705" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7705", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7705", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 952611 for CVE-2015-7705", "url": "https://bugzilla.suse.com/952611" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7705", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "critical" } ], "title": "CVE-2015-7705" }, { "cve": "CVE-2015-7848", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7848" } ], "notes": [ { "category": "general", "text": "An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7848", "url": "https://www.suse.com/security/cve/CVE-2015-7848" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7848", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7848", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7848", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7848", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-7848" }, { "cve": "CVE-2015-7849", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7849" } ], "notes": [ { "category": "general", "text": "Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7849", "url": "https://www.suse.com/security/cve/CVE-2015-7849" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7849", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7849", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7849", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7849", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2015-7849" }, { "cve": "CVE-2015-7850", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7850" } ], "notes": [ { "category": "general", "text": "ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7850", "url": "https://www.suse.com/security/cve/CVE-2015-7850" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7850", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7850", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7850", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7850", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-7850" }, { "cve": "CVE-2015-7851", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7851" } ], "notes": [ { "category": "general", "text": "Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use \u0027\\\u0027 or \u0027/\u0027 characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7851", "url": "https://www.suse.com/security/cve/CVE-2015-7851" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7851", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7851", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7851", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-7851" }, { "cve": "CVE-2015-7852", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7852" } ], "notes": [ { "category": "general", "text": "ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7852", "url": "https://www.suse.com/security/cve/CVE-2015-7852" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7852", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7852", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7852", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7852", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-7852" }, { "cve": "CVE-2015-7853", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7853" } ], "notes": [ { "category": "general", "text": "The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7853", "url": "https://www.suse.com/security/cve/CVE-2015-7853" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7853", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7853", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7853", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7853", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "critical" } ], "title": "CVE-2015-7853" }, { "cve": "CVE-2015-7854", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7854" } ], "notes": [ { "category": "general", "text": "Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7854", "url": "https://www.suse.com/security/cve/CVE-2015-7854" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7854", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7854", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7854", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7854", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2015-7854" }, { "cve": "CVE-2015-7855", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7855" } ], "notes": [ { "category": "general", "text": "The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7855", "url": "https://www.suse.com/security/cve/CVE-2015-7855" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7855", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7855", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7855", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7855", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-7855" }, { "cve": "CVE-2015-7871", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7871" } ], "notes": [ { "category": "general", "text": "Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7871", "url": "https://www.suse.com/security/cve/CVE-2015-7871" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7871", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7871", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 952606 for CVE-2015-7871", "url": "https://bugzilla.suse.com/952606" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7871", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "critical" } ], "title": "CVE-2015-7871" }, { "cve": "CVE-2015-7973", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7973" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7973", "url": "https://www.suse.com/security/cve/CVE-2015-7973" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7973", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7973", "url": "https://bugzilla.suse.com/962995" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-7973" }, { "cve": "CVE-2015-7974", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7974" } ], "notes": [ { "category": "general", "text": "NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a \"skeleton key.\"", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7974", "url": "https://www.suse.com/security/cve/CVE-2015-7974" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7974", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962960 for CVE-2015-7974", "url": "https://bugzilla.suse.com/962960" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7974", "url": "https://bugzilla.suse.com/962995" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2015-7974" }, { "cve": "CVE-2015-7975", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7975" } ], "notes": [ { "category": "general", "text": "The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash).", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7975", "url": "https://www.suse.com/security/cve/CVE-2015-7975" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7975", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962988 for CVE-2015-7975", "url": "https://bugzilla.suse.com/962988" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7975", "url": "https://bugzilla.suse.com/962995" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2015-7975" }, { "cve": "CVE-2015-7976", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7976" } ], "notes": [ { "category": "general", "text": "The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7976", "url": "https://www.suse.com/security/cve/CVE-2015-7976" }, { "category": "external", "summary": "SUSE Bug 962802 for CVE-2015-7976", "url": "https://bugzilla.suse.com/962802" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7976", "url": "https://bugzilla.suse.com/962995" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2015-7976" }, { "cve": "CVE-2015-7977", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7977" } ], "notes": [ { "category": "general", "text": "ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7977", "url": "https://www.suse.com/security/cve/CVE-2015-7977" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7977", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962970 for CVE-2015-7977", "url": "https://bugzilla.suse.com/962970" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7977", "url": "https://bugzilla.suse.com/962995" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-7977" }, { "cve": "CVE-2015-7978", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7978" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7978", "url": "https://www.suse.com/security/cve/CVE-2015-7978" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7978", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962970 for CVE-2015-7978", "url": "https://bugzilla.suse.com/962970" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7978", "url": "https://bugzilla.suse.com/962995" }, { "category": "external", "summary": "SUSE Bug 963000 for CVE-2015-7978", "url": "https://bugzilla.suse.com/963000" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-7978" }, { "cve": "CVE-2015-7979", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7979" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7979", "url": "https://www.suse.com/security/cve/CVE-2015-7979" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7979", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962784 for CVE-2015-7979", "url": "https://bugzilla.suse.com/962784" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7979", "url": "https://bugzilla.suse.com/962995" }, { "category": "external", "summary": "SUSE Bug 977459 for CVE-2015-7979", "url": "https://bugzilla.suse.com/977459" }, { "category": "external", "summary": "SUSE Bug 982065 for CVE-2015-7979", "url": "https://bugzilla.suse.com/982065" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-7979" }, { "cve": "CVE-2015-8138", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8138" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8138", "url": "https://www.suse.com/security/cve/CVE-2015-8138" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-8138", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-8138", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 963002 for CVE-2015-8138", "url": "https://bugzilla.suse.com/963002" }, { "category": "external", "summary": "SUSE Bug 974668 for CVE-2015-8138", "url": "https://bugzilla.suse.com/974668" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2015-8138", "url": "https://bugzilla.suse.com/977446" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-8138" }, { "cve": "CVE-2015-8158", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8158" } ], "notes": [ { "category": "general", "text": "The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8158", "url": "https://www.suse.com/security/cve/CVE-2015-8158" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-8158", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962966 for CVE-2015-8158", "url": "https://bugzilla.suse.com/962966" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2015-8158" }, { "cve": "CVE-2016-1547", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1547" } ], "notes": [ { "category": "general", "text": "An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1547", "url": "https://www.suse.com/security/cve/CVE-2016-1547" }, { "category": "external", "summary": "SUSE Bug 962784 for CVE-2016-1547", "url": "https://bugzilla.suse.com/962784" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1547", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977459 for CVE-2016-1547", "url": "https://bugzilla.suse.com/977459" }, { "category": "external", "summary": "SUSE Bug 982064 for CVE-2016-1547", "url": "https://bugzilla.suse.com/982064" }, { "category": "external", "summary": "SUSE Bug 982065 for CVE-2016-1547", "url": "https://bugzilla.suse.com/982065" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-1547" }, { "cve": "CVE-2016-1548", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1548" } ], "notes": [ { "category": "general", "text": "An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer-\u003edst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1548", "url": "https://www.suse.com/security/cve/CVE-2016-1548" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2016-1548", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1548", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977461 for CVE-2016-1548", "url": "https://bugzilla.suse.com/977461" }, { "category": "external", "summary": "SUSE Bug 982068 for CVE-2016-1548", "url": "https://bugzilla.suse.com/982068" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-1548" }, { "cve": "CVE-2016-1549", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1549" } ], "notes": [ { "category": "general", "text": "A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim\u0027s clock.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1549", "url": "https://www.suse.com/security/cve/CVE-2016-1549" }, { "category": "external", "summary": "SUSE Bug 1083424 for CVE-2016-1549", "url": "https://bugzilla.suse.com/1083424" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1549", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977451 for CVE-2016-1549", "url": "https://bugzilla.suse.com/977451" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2016-1549" }, { "cve": "CVE-2016-1550", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1550" } ], "notes": [ { "category": "general", "text": "An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1550", "url": "https://www.suse.com/security/cve/CVE-2016-1550" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1550", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977464 for CVE-2016-1550", "url": "https://bugzilla.suse.com/977464" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2016-1550" }, { "cve": "CVE-2016-1551", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1551" } ], "notes": [ { "category": "general", "text": "ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock\u0027s peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1551", "url": "https://www.suse.com/security/cve/CVE-2016-1551" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-1551", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977450 for CVE-2016-1551", "url": "https://bugzilla.suse.com/977450" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2016-1551" }, { "cve": "CVE-2016-2516", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-2516" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-2516", "url": "https://www.suse.com/security/cve/CVE-2016-2516" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-2516", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977452 for CVE-2016-2516", "url": "https://bugzilla.suse.com/977452" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-2516" }, { "cve": "CVE-2016-2517", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-2517" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-2517", "url": "https://www.suse.com/security/cve/CVE-2016-2517" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-2517", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977455 for CVE-2016-2517", "url": "https://bugzilla.suse.com/977455" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-2517" }, { "cve": "CVE-2016-2518", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-2518" } ], "notes": [ { "category": "general", "text": "The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-2518", "url": "https://www.suse.com/security/cve/CVE-2016-2518" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-2518", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977457 for CVE-2016-2518", "url": "https://bugzilla.suse.com/977457" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2016-2518" }, { "cve": "CVE-2016-2519", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-2519" } ], "notes": [ { "category": "general", "text": "ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-2519", "url": "https://www.suse.com/security/cve/CVE-2016-2519" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2016-2519", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2016-2519", "url": "https://bugzilla.suse.com/977446" }, { "category": "external", "summary": "SUSE Bug 977458 for CVE-2016-2519", "url": "https://bugzilla.suse.com/977458" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-2519" }, { "cve": "CVE-2016-4953", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-4953" } ], "notes": [ { "category": "general", "text": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-4953", "url": "https://www.suse.com/security/cve/CVE-2016-4953" }, { "category": "external", "summary": "SUSE Bug 962784 for CVE-2016-4953", "url": "https://bugzilla.suse.com/962784" }, { "category": "external", "summary": "SUSE Bug 977459 for CVE-2016-4953", "url": "https://bugzilla.suse.com/977459" }, { "category": "external", "summary": "SUSE Bug 982056 for CVE-2016-4953", "url": "https://bugzilla.suse.com/982056" }, { "category": "external", "summary": "SUSE Bug 982065 for CVE-2016-4953", "url": "https://bugzilla.suse.com/982065" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-4953" }, { "cve": "CVE-2016-4954", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-4954" } ], "notes": [ { "category": "general", "text": "The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-4954", "url": "https://www.suse.com/security/cve/CVE-2016-4954" }, { "category": "external", "summary": "SUSE Bug 982056 for CVE-2016-4954", "url": "https://bugzilla.suse.com/982056" }, { "category": "external", "summary": "SUSE Bug 982066 for CVE-2016-4954", "url": "https://bugzilla.suse.com/982066" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2016-4954" }, { "cve": "CVE-2016-4955", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-4955" } ], "notes": [ { "category": "general", "text": "ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-4955", "url": "https://www.suse.com/security/cve/CVE-2016-4955" }, { "category": "external", "summary": "SUSE Bug 982056 for CVE-2016-4955", "url": "https://bugzilla.suse.com/982056" }, { "category": "external", "summary": "SUSE Bug 982067 for CVE-2016-4955", "url": "https://bugzilla.suse.com/982067" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2016-4955" }, { "cve": "CVE-2016-4956", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-4956" } ], "notes": [ { "category": "general", "text": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-4956", "url": "https://www.suse.com/security/cve/CVE-2016-4956" }, { "category": "external", "summary": "SUSE Bug 977461 for CVE-2016-4956", "url": "https://bugzilla.suse.com/977461" }, { "category": "external", "summary": "SUSE Bug 982056 for CVE-2016-4956", "url": "https://bugzilla.suse.com/982056" }, { "category": "external", "summary": "SUSE Bug 982068 for CVE-2016-4956", "url": "https://bugzilla.suse.com/982068" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2016-4956" }, { "cve": "CVE-2016-4957", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-4957" } ], "notes": [ { "category": "general", "text": "ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-4957", "url": "https://www.suse.com/security/cve/CVE-2016-4957" }, { "category": "external", "summary": "SUSE Bug 977459 for CVE-2016-4957", "url": "https://bugzilla.suse.com/977459" }, { "category": "external", "summary": "SUSE Bug 982056 for CVE-2016-4957", "url": "https://bugzilla.suse.com/982056" }, { "category": "external", "summary": "SUSE Bug 982064 for CVE-2016-4957", "url": "https://bugzilla.suse.com/982064" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-4957" }, { "cve": "CVE-2016-7426", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-7426" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-7426", "url": "https://www.suse.com/security/cve/CVE-2016-7426" }, { "category": "external", "summary": "SUSE Bug 1011406 for CVE-2016-7426", "url": "https://bugzilla.suse.com/1011406" }, { "category": "external", "summary": "SUSE Bug 1011421 for CVE-2016-7426", "url": "https://bugzilla.suse.com/1011421" }, { "category": "external", "summary": "SUSE Bug 1012330 for CVE-2016-7426", "url": "https://bugzilla.suse.com/1012330" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-7426" }, { "cve": "CVE-2016-7427", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-7427" } ], "notes": [ { "category": "general", "text": "The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-7427", "url": "https://www.suse.com/security/cve/CVE-2016-7427" }, { "category": "external", "summary": "SUSE Bug 1011390 for CVE-2016-7427", "url": "https://bugzilla.suse.com/1011390" }, { "category": "external", "summary": "SUSE Bug 1011421 for CVE-2016-7427", "url": "https://bugzilla.suse.com/1011421" }, { "category": "external", "summary": "SUSE Bug 1012330 for CVE-2016-7427", "url": "https://bugzilla.suse.com/1012330" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2016-7427" }, { "cve": "CVE-2016-7428", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-7428" } ], "notes": [ { "category": "general", "text": "ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-7428", "url": "https://www.suse.com/security/cve/CVE-2016-7428" }, { "category": "external", "summary": "SUSE Bug 1011417 for CVE-2016-7428", "url": "https://bugzilla.suse.com/1011417" }, { "category": "external", "summary": "SUSE Bug 1011421 for CVE-2016-7428", "url": "https://bugzilla.suse.com/1011421" }, { "category": "external", "summary": "SUSE Bug 1012330 for CVE-2016-7428", "url": "https://bugzilla.suse.com/1012330" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-7428" }, { "cve": "CVE-2016-7429", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-7429" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-7429", "url": "https://www.suse.com/security/cve/CVE-2016-7429" }, { "category": "external", "summary": "SUSE Bug 1011404 for CVE-2016-7429", "url": "https://bugzilla.suse.com/1011404" }, { "category": "external", "summary": "SUSE Bug 1011421 for CVE-2016-7429", "url": "https://bugzilla.suse.com/1011421" }, { "category": "external", "summary": "SUSE Bug 1012330 for CVE-2016-7429", "url": "https://bugzilla.suse.com/1012330" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2016-7429" }, { "cve": "CVE-2016-7431", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-7431" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-7431", "url": "https://www.suse.com/security/cve/CVE-2016-7431" }, { "category": "external", "summary": "SUSE Bug 1011395 for CVE-2016-7431", "url": "https://bugzilla.suse.com/1011395" }, { "category": "external", "summary": "SUSE Bug 1011421 for CVE-2016-7431", "url": "https://bugzilla.suse.com/1011421" }, { "category": "external", "summary": "SUSE Bug 1012330 for CVE-2016-7431", "url": "https://bugzilla.suse.com/1012330" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-7431" }, { "cve": "CVE-2016-7433", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-7433" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a \"root distance that did not include the peer dispersion.\"", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-7433", "url": "https://www.suse.com/security/cve/CVE-2016-7433" }, { "category": "external", "summary": "SUSE Bug 1011411 for CVE-2016-7433", "url": "https://bugzilla.suse.com/1011411" }, { "category": "external", "summary": "SUSE Bug 1011421 for CVE-2016-7433", "url": "https://bugzilla.suse.com/1011421" }, { "category": "external", "summary": "SUSE Bug 1012330 for CVE-2016-7433", "url": "https://bugzilla.suse.com/1012330" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2016-7433" }, { "cve": "CVE-2016-7434", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-7434" } ], "notes": [ { "category": "general", "text": "The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-7434", "url": "https://www.suse.com/security/cve/CVE-2016-7434" }, { "category": "external", "summary": "SUSE Bug 1011398 for CVE-2016-7434", "url": "https://bugzilla.suse.com/1011398" }, { "category": "external", "summary": "SUSE Bug 1011421 for CVE-2016-7434", "url": "https://bugzilla.suse.com/1011421" }, { "category": "external", "summary": "SUSE Bug 1012330 for CVE-2016-7434", "url": "https://bugzilla.suse.com/1012330" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-7434" }, { "cve": "CVE-2016-9310", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-9310" } ], "notes": [ { "category": "general", "text": "The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-9310", "url": "https://www.suse.com/security/cve/CVE-2016-9310" }, { "category": "external", "summary": "SUSE Bug 1011377 for CVE-2016-9310", "url": "https://bugzilla.suse.com/1011377" }, { "category": "external", "summary": "SUSE Bug 1011421 for CVE-2016-9310", "url": "https://bugzilla.suse.com/1011421" }, { "category": "external", "summary": "SUSE Bug 1012330 for CVE-2016-9310", "url": "https://bugzilla.suse.com/1012330" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-9310" }, { "cve": "CVE-2016-9311", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-9311" } ], "notes": [ { "category": "general", "text": "ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-9311", "url": "https://www.suse.com/security/cve/CVE-2016-9311" }, { "category": "external", "summary": "SUSE Bug 1011377 for CVE-2016-9311", "url": "https://bugzilla.suse.com/1011377" }, { "category": "external", "summary": "SUSE Bug 1011421 for CVE-2016-9311", "url": "https://bugzilla.suse.com/1011421" }, { "category": "external", "summary": "SUSE Bug 1012330 for CVE-2016-9311", "url": "https://bugzilla.suse.com/1012330" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-9311" } ] }
icsa-21-159-11
Vulnerability from csaf_cisa
Notes
{ "document": { "acknowledgments": [ { "organization": "Siemens", "summary": "reporting these vulnerabilities to CISA" } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited", "tlp": { "label": "WHITE", "url": "https://us-cert.cisa.gov/tlp/" } }, "lang": "en-US", "notes": [ { "category": "general", "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", "title": "CISA Disclaimer" }, { "category": "legal_disclaimer", "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", "title": "Legal Notice" }, { "category": "summary", "text": "Successful exploitation of these vulnerabilities could create a denial-of-service condition as well as other specified and unspecified impacts.", "title": "Risk evaluation" }, { "category": "other", "text": "Multiple Sectors", "title": "Critical infrastructure sectors" }, { "category": "other", "text": "Worldwide", "title": "Countries/areas deployed" }, { "category": "other", "text": "Germany", "title": "Company headquarters location" }, { "category": "general", "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:", "title": "Recommended Practices" }, { "category": "general", "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.", "title": "Recommended Practices" }, { "category": "general", "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", "title": "Additional Resources" }, { "category": "other", "text": "No known public exploits specifically target these vulnerabilities.", "title": "Exploitability" } ], "publisher": { "category": "coordinator", "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870", "name": "CISA", "namespace": "https://www.cisa.gov/" }, "references": [ { "category": "external", "summary": "SSA-211752: Multiple NTP-Client Related Vulnerabilities in SIMATIC CP 443-1 OPC UA - CSAF Version", "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-211752.json" }, { "category": "self", "summary": "ICS Advisory ICSA-21-159-11 JSON", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-159-11.json" }, { "category": "self", "summary": "ICS Advisory ICSA-21-159-11 Web Version", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-159-11" }, { "category": "external", "summary": "Recommended Practices", "url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01" }, { "category": "external", "summary": "Recommended Practices", "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B" }, { "category": "external", "summary": "SSA-211752: Multiple NTP-Client Related Vulnerabilities in SIMATIC CP 443-1 OPC UA - PDF Version", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf" }, { "category": "external", "summary": "SSA-211752: Multiple NTP-Client Related Vulnerabilities in SIMATIC CP 443-1 OPC UA - TXT Version", "url": "https://cert-portal.siemens.com/productcert/txt/ssa-211752.txt" } ], "title": "Siemens SIMATIC NET CP 443-1 OPC UA", "tracking": { "current_release_date": "2021-06-08T00:00:00.000000Z", "generator": { "engine": { "name": "CISA CSAF Generator", "version": "1.0.0" } }, "id": "ICSA-21-159-11", "initial_release_date": "2021-06-08T00:00:00.000000Z", "revision_history": [ { "date": "2021-06-08T00:00:00.000000Z", "legacy_version": "Initial", "number": "1", "summary": "ICSA-21-159-11 Siemens SIMATIC NET CP 443-1 OPC UA" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SIMATIC CP 443-1 OPC UA (6GK7443-1UX00-0XE0)", "product_id": "CSAFPID-0001", "product_identification_helper": { "model_numbers": [ "6GK7443-1UX00-0XE0" ] } } } ], "category": "product_name", "name": "SIMATIC CP 443-1 OPC UA" } ], "category": "vendor", "name": "Siemens" } ] }, "vulnerabilities": [ { "cve": "CVE-2015-7705", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2015-7705 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2015-7705.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7705" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no remediation is planned", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Configure an additional firewall to prevent communication to port udp/123 of an affected device", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2015-7705" }, { "cve": "CVE-2015-7853", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "notes": [ { "category": "summary", "text": "The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2015-7853 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2015-7853.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7853" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no remediation is planned", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Configure an additional firewall to prevent communication to port udp/123 of an affected device", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2015-7853" }, { "cve": "CVE-2015-8138", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2015-8138 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2015-8138.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8138" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no remediation is planned", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Configure an additional firewall to prevent communication to port udp/123 of an affected device", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2015-8138" }, { "cve": "CVE-2016-1547", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2016-1547 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2016-1547.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1547" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no remediation is planned", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Configure an additional firewall to prevent communication to port udp/123 of an affected device", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2016-1547" }, { "cve": "CVE-2016-1548", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "notes": [ { "category": "summary", "text": "An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer-\u003edst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2016-1548 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2016-1548.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1548" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no remediation is planned", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Configure an additional firewall to prevent communication to port udp/123 of an affected device", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L/E:U/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2016-1548" }, { "cve": "CVE-2016-1550", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "notes": [ { "category": "summary", "text": "An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2016-1550 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2016-1550.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1550" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no remediation is planned", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Configure an additional firewall to prevent communication to port udp/123 of an affected device", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2016-1550" }, { "cve": "CVE-2016-2518", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "summary", "text": "The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2016-2518 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2016-2518.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2518" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no remediation is planned", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Configure an additional firewall to prevent communication to port udp/123 of an affected device", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2016-2518" }, { "cve": "CVE-2016-4953", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "notes": [ { "category": "summary", "text": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2016-4953 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2016-4953.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4953" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no remediation is planned", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Configure an additional firewall to prevent communication to port udp/123 of an affected device", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2016-4953" }, { "cve": "CVE-2016-4954", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" }, "notes": [ { "category": "summary", "text": "The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2016-4954 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2016-4954.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4954" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no remediation is planned", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Configure an additional firewall to prevent communication to port udp/123 of an affected device", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2016-4954" }, { "cve": "CVE-2016-4955", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" }, "notes": [ { "category": "summary", "text": "ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2016-4955 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2016-4955.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4955" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no remediation is planned", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Configure an additional firewall to prevent communication to port udp/123 of an affected device", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2016-4955" }, { "cve": "CVE-2016-4956", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2016-4956 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2016-4956.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4956" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no remediation is planned", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Configure an additional firewall to prevent communication to port udp/123 of an affected device", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2016-4956" }, { "cve": "CVE-2016-7431", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2016-7431 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2016-7431.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7431" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no remediation is planned", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Configure an additional firewall to prevent communication to port udp/123 of an affected device", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2016-7431" }, { "cve": "CVE-2016-7433", "cwe": { "id": "CWE-682", "name": "Incorrect Calculation" }, "notes": [ { "category": "summary", "text": "NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a \"root distance that did not include the peer dispersion.\"", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2016-7433 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2016-7433.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7433" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no remediation is planned", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Configure an additional firewall to prevent communication to port udp/123 of an affected device", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2016-7433" }, { "cve": "CVE-2016-9042", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2016-9042 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2016-9042.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9042" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no remediation is planned", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Configure an additional firewall to prevent communication to port udp/123 of an affected device", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2016-9042" }, { "cve": "CVE-2017-6458", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "summary", "text": "Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2017-6458 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2017-6458.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6548" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no remediation is planned", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Configure an additional firewall to prevent communication to port udp/123 of an affected device", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2017-6458" } ] }
ICSA-21-159-11
Vulnerability from csaf_cisa
Notes
{ "document": { "acknowledgments": [ { "organization": "Siemens", "summary": "reporting these vulnerabilities to CISA" } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited", "tlp": { "label": "WHITE", "url": "https://us-cert.cisa.gov/tlp/" } }, "lang": "en-US", "notes": [ { "category": "general", "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", "title": "CISA Disclaimer" }, { "category": "legal_disclaimer", "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", "title": "Legal Notice" }, { "category": "summary", "text": "Successful exploitation of these vulnerabilities could create a denial-of-service condition as well as other specified and unspecified impacts.", "title": "Risk evaluation" }, { "category": "other", "text": "Multiple Sectors", "title": "Critical infrastructure sectors" }, { "category": "other", "text": "Worldwide", "title": "Countries/areas deployed" }, { "category": "other", "text": "Germany", "title": "Company headquarters location" }, { "category": "general", "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:", "title": "Recommended Practices" }, { "category": "general", "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.", "title": "Recommended Practices" }, { "category": "general", "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", "title": "Additional Resources" }, { "category": "other", "text": "No known public exploits specifically target these vulnerabilities.", "title": "Exploitability" } ], "publisher": { "category": "coordinator", "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870", "name": "CISA", "namespace": "https://www.cisa.gov/" }, "references": [ { "category": "external", "summary": "SSA-211752: Multiple NTP-Client Related Vulnerabilities in SIMATIC CP 443-1 OPC UA - CSAF Version", "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-211752.json" }, { "category": "self", "summary": "ICS Advisory ICSA-21-159-11 JSON", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-159-11.json" }, { "category": "self", "summary": "ICS Advisory ICSA-21-159-11 Web Version", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-159-11" }, { "category": "external", "summary": "Recommended Practices", "url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01" }, { "category": "external", "summary": "Recommended Practices", "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B" }, { "category": "external", "summary": "SSA-211752: Multiple NTP-Client Related Vulnerabilities in SIMATIC CP 443-1 OPC UA - PDF Version", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf" }, { "category": "external", "summary": "SSA-211752: Multiple NTP-Client Related Vulnerabilities in SIMATIC CP 443-1 OPC UA - TXT Version", "url": "https://cert-portal.siemens.com/productcert/txt/ssa-211752.txt" } ], "title": "Siemens SIMATIC NET CP 443-1 OPC UA", "tracking": { "current_release_date": "2021-06-08T00:00:00.000000Z", "generator": { "engine": { "name": "CISA CSAF Generator", "version": "1.0.0" } }, "id": "ICSA-21-159-11", "initial_release_date": "2021-06-08T00:00:00.000000Z", "revision_history": [ { "date": "2021-06-08T00:00:00.000000Z", "legacy_version": "Initial", "number": "1", "summary": "ICSA-21-159-11 Siemens SIMATIC NET CP 443-1 OPC UA" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SIMATIC CP 443-1 OPC UA (6GK7443-1UX00-0XE0)", "product_id": "CSAFPID-0001", "product_identification_helper": { "model_numbers": [ "6GK7443-1UX00-0XE0" ] } } } ], "category": "product_name", "name": "SIMATIC CP 443-1 OPC UA" } ], "category": "vendor", "name": "Siemens" } ] }, "vulnerabilities": [ { "cve": "CVE-2015-7705", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2015-7705 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2015-7705.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7705" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no remediation is planned", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Configure an additional firewall to prevent communication to port udp/123 of an affected device", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2015-7705" }, { "cve": "CVE-2015-7853", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "notes": [ { "category": "summary", "text": "The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2015-7853 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2015-7853.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7853" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no remediation is planned", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Configure an additional firewall to prevent communication to port udp/123 of an affected device", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2015-7853" }, { "cve": "CVE-2015-8138", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2015-8138 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2015-8138.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8138" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no remediation is planned", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Configure an additional firewall to prevent communication to port udp/123 of an affected device", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2015-8138" }, { "cve": "CVE-2016-1547", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2016-1547 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2016-1547.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1547" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no remediation is planned", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Configure an additional firewall to prevent communication to port udp/123 of an affected device", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2016-1547" }, { "cve": "CVE-2016-1548", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "notes": [ { "category": "summary", "text": "An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer-\u003edst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2016-1548 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2016-1548.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1548" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no remediation is planned", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Configure an additional firewall to prevent communication to port udp/123 of an affected device", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L/E:U/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2016-1548" }, { "cve": "CVE-2016-1550", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "notes": [ { "category": "summary", "text": "An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2016-1550 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2016-1550.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1550" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no remediation is planned", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Configure an additional firewall to prevent communication to port udp/123 of an affected device", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2016-1550" }, { "cve": "CVE-2016-2518", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "summary", "text": "The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2016-2518 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2016-2518.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2518" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no remediation is planned", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Configure an additional firewall to prevent communication to port udp/123 of an affected device", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2016-2518" }, { "cve": "CVE-2016-4953", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "notes": [ { "category": "summary", "text": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2016-4953 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2016-4953.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4953" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no remediation is planned", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Configure an additional firewall to prevent communication to port udp/123 of an affected device", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2016-4953" }, { "cve": "CVE-2016-4954", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" }, "notes": [ { "category": "summary", "text": "The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2016-4954 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2016-4954.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4954" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no remediation is planned", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Configure an additional firewall to prevent communication to port udp/123 of an affected device", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2016-4954" }, { "cve": "CVE-2016-4955", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" }, "notes": [ { "category": "summary", "text": "ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2016-4955 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2016-4955.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4955" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no remediation is planned", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Configure an additional firewall to prevent communication to port udp/123 of an affected device", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2016-4955" }, { "cve": "CVE-2016-4956", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2016-4956 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2016-4956.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4956" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no remediation is planned", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Configure an additional firewall to prevent communication to port udp/123 of an affected device", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2016-4956" }, { "cve": "CVE-2016-7431", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2016-7431 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2016-7431.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7431" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no remediation is planned", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Configure an additional firewall to prevent communication to port udp/123 of an affected device", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2016-7431" }, { "cve": "CVE-2016-7433", "cwe": { "id": "CWE-682", "name": "Incorrect Calculation" }, "notes": [ { "category": "summary", "text": "NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a \"root distance that did not include the peer dispersion.\"", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2016-7433 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2016-7433.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7433" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no remediation is planned", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Configure an additional firewall to prevent communication to port udp/123 of an affected device", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2016-7433" }, { "cve": "CVE-2016-9042", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2016-9042 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2016-9042.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9042" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no remediation is planned", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Configure an additional firewall to prevent communication to port udp/123 of an affected device", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2016-9042" }, { "cve": "CVE-2017-6458", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "summary", "text": "Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "CVE-2017-6458 Mitre 5.0 json", "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2017-6458.json" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6548" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "remediations": [ { "category": "no_fix_planned", "details": "Currently no remediation is planned", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Deactivate NTP-based time synchronization of the device, if enabled. The feature is disabled by default", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Configure an additional firewall to prevent communication to port udp/123 of an affected device", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2017-6458" } ] }
suse-su-2015:2058-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for ntp", "title": "Title of the patch" }, { "category": "description", "text": "This ntp update provides the following security and non security fixes:\n\n- Update to 4.2.8p4 to fix several security issues (bsc#951608):\n * CVE-2015-7871: NAK to the Future: Symmetric association\n authentication bypass via crypto-NAK\n * CVE-2015-7855: decodenetnum() will ASSERT botch instead of\n returning FAIL on some bogus values\n * CVE-2015-7854: Password Length Memory Corruption Vulnerability\n * CVE-2015-7853: Invalid length data provided by a custom\n refclock driver could cause a buffer overflow\n * CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability\n * CVE-2015-7851 saveconfig Directory Traversal Vulnerability\n * CVE-2015-7850 remote config logfile-keyfile\n * CVE-2015-7849 trusted key use-after-free\n * CVE-2015-7848 mode 7 loop counter underrun\n * CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC\n * CVE-2015-7703 configuration directives \u0027pidfile\u0027 and\n \u0027driftfile\u0027 should only be allowed locally\n * CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should\n validate the origin timestamp field\n * CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey\n data packet length checks\n- Use ntpq instead of deprecated ntpdc in start-ntpd (bnc#936327).\n- Add a controlkey to ntp.conf to make the above work.\n- Improve runtime configuration:\n * Read keytype from ntp.conf\n * Don\u0027t write ntp keys to syslog.\n- Don\u0027t let \u0027keysdir\u0027 lines in ntp.conf trigger the \u0027keys\u0027 parser.\n- Fix the comment regarding addserver in ntp.conf (bnc#910063).\n- Remove ntp.1.gz, it wasn\u0027t installed anymore.\n- Remove ntp-4.2.7-rh-manpages.tar.gz and only keep ntptime.8.gz.\n The rest is partially irrelevant, partially redundant and\n potentially outdated (bsc#942587).\n- Remove \u0027kod\u0027 from the restrict line in ntp.conf (bsc#944300).\n- Use SHA1 instead of MD5 for symmetric keys (bsc#905885).\n- Require perl-Socket6 (bsc#942441).\n- Fix incomplete backporting of \u0027rcntp ntptimemset\u0027.\n", "title": "Description of the patch" }, { "category": "details", "text": "sledsp4-ntp-12218,slessp4-ntp-12218", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_2058-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2015:2058-1", "url": "https://www.suse.com/support/update/announcement/2015/suse-su-20152058-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2015:2058-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2015-November/001688.html" }, { "category": "self", "summary": "SUSE Bug 905885", "url": "https://bugzilla.suse.com/905885" }, { "category": "self", "summary": "SUSE Bug 910063", "url": "https://bugzilla.suse.com/910063" }, { "category": "self", "summary": "SUSE Bug 936327", "url": "https://bugzilla.suse.com/936327" }, { "category": "self", "summary": "SUSE Bug 942441", "url": "https://bugzilla.suse.com/942441" }, { "category": "self", "summary": "SUSE Bug 942587", "url": "https://bugzilla.suse.com/942587" }, { "category": "self", "summary": "SUSE Bug 944300", "url": "https://bugzilla.suse.com/944300" }, { "category": "self", "summary": "SUSE Bug 951608", "url": "https://bugzilla.suse.com/951608" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7691 page", "url": "https://www.suse.com/security/cve/CVE-2015-7691/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7692 page", "url": "https://www.suse.com/security/cve/CVE-2015-7692/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7701 page", "url": "https://www.suse.com/security/cve/CVE-2015-7701/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7702 page", "url": "https://www.suse.com/security/cve/CVE-2015-7702/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7703 page", "url": "https://www.suse.com/security/cve/CVE-2015-7703/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7704 page", "url": "https://www.suse.com/security/cve/CVE-2015-7704/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7705 page", "url": "https://www.suse.com/security/cve/CVE-2015-7705/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7848 page", "url": "https://www.suse.com/security/cve/CVE-2015-7848/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7849 page", "url": "https://www.suse.com/security/cve/CVE-2015-7849/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7850 page", "url": "https://www.suse.com/security/cve/CVE-2015-7850/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7851 page", "url": "https://www.suse.com/security/cve/CVE-2015-7851/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7852 page", "url": "https://www.suse.com/security/cve/CVE-2015-7852/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7853 page", "url": "https://www.suse.com/security/cve/CVE-2015-7853/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7854 page", "url": "https://www.suse.com/security/cve/CVE-2015-7854/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7855 page", "url": "https://www.suse.com/security/cve/CVE-2015-7855/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7871 page", "url": "https://www.suse.com/security/cve/CVE-2015-7871/" } ], "title": "Security update for ntp", "tracking": { "current_release_date": "2015-11-20T09:21:30Z", "generator": { "date": "2015-11-20T09:21:30Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2015:2058-1", "initial_release_date": "2015-11-20T09:21:30Z", "revision_history": [ { "date": "2015-11-20T09:21:30Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p4-5.1.i586", "product": { "name": "ntp-4.2.8p4-5.1.i586", "product_id": "ntp-4.2.8p4-5.1.i586" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p4-5.1.i586", "product": { "name": "ntp-doc-4.2.8p4-5.1.i586", "product_id": "ntp-doc-4.2.8p4-5.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p4-5.1.ia64", "product": { "name": "ntp-4.2.8p4-5.1.ia64", "product_id": "ntp-4.2.8p4-5.1.ia64" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p4-5.1.ia64", "product": { "name": "ntp-doc-4.2.8p4-5.1.ia64", "product_id": "ntp-doc-4.2.8p4-5.1.ia64" } } ], "category": "architecture", "name": "ia64" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p4-5.1.ppc64", "product": { "name": "ntp-4.2.8p4-5.1.ppc64", "product_id": "ntp-4.2.8p4-5.1.ppc64" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p4-5.1.ppc64", "product": { "name": "ntp-doc-4.2.8p4-5.1.ppc64", "product_id": "ntp-doc-4.2.8p4-5.1.ppc64" } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p4-5.1.s390x", "product": { "name": "ntp-4.2.8p4-5.1.s390x", "product_id": "ntp-4.2.8p4-5.1.s390x" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p4-5.1.s390x", "product": { "name": "ntp-doc-4.2.8p4-5.1.s390x", "product_id": "ntp-doc-4.2.8p4-5.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p4-5.1.x86_64", "product": { "name": "ntp-4.2.8p4-5.1.x86_64", "product_id": "ntp-4.2.8p4-5.1.x86_64" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p4-5.1.x86_64", "product": { "name": "ntp-doc-4.2.8p4-5.1.x86_64", "product_id": "ntp-doc-4.2.8p4-5.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Desktop 11 SP4", "product": { "name": "SUSE Linux Enterprise Desktop 11 SP4", "product_id": "SUSE Linux Enterprise Desktop 11 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_sled:11:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 11 SP4", "product": { "name": "SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_sles:11:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:11:sp4" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p4-5.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP4", "product_id": "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586" }, "product_reference": "ntp-4.2.8p4-5.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p4-5.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP4", "product_id": "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64" }, "product_reference": "ntp-4.2.8p4-5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p4-5.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP4", "product_id": "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586" }, "product_reference": "ntp-doc-4.2.8p4-5.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p4-5.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP4", "product_id": "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p4-5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p4-5.1.i586 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586" }, "product_reference": "ntp-4.2.8p4-5.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p4-5.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64" }, "product_reference": "ntp-4.2.8p4-5.1.ia64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p4-5.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64" }, "product_reference": "ntp-4.2.8p4-5.1.ppc64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p4-5.1.s390x as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x" }, "product_reference": "ntp-4.2.8p4-5.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p4-5.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64" }, "product_reference": "ntp-4.2.8p4-5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p4-5.1.i586 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586" }, "product_reference": "ntp-doc-4.2.8p4-5.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p4-5.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64" }, "product_reference": "ntp-doc-4.2.8p4-5.1.ia64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p4-5.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64" }, "product_reference": "ntp-doc-4.2.8p4-5.1.ppc64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p4-5.1.s390x as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x" }, "product_reference": "ntp-doc-4.2.8p4-5.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p4-5.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4", "product_id": "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p4-5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p4-5.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586" }, "product_reference": "ntp-4.2.8p4-5.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p4-5.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64" }, "product_reference": "ntp-4.2.8p4-5.1.ia64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p4-5.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64" }, "product_reference": "ntp-4.2.8p4-5.1.ppc64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p4-5.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x" }, "product_reference": "ntp-4.2.8p4-5.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p4-5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64" }, "product_reference": "ntp-4.2.8p4-5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p4-5.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586" }, "product_reference": "ntp-doc-4.2.8p4-5.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p4-5.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64" }, "product_reference": "ntp-doc-4.2.8p4-5.1.ia64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p4-5.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64" }, "product_reference": "ntp-doc-4.2.8p4-5.1.ppc64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p4-5.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x" }, "product_reference": "ntp-doc-4.2.8p4-5.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p4-5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p4-5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4" } ] }, "vulnerabilities": [ { "cve": "CVE-2015-7691", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7691" } ], "notes": [ { "category": "general", "text": "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7691", "url": "https://www.suse.com/security/cve/CVE-2015-7691" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7691", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 911792 for CVE-2015-7691", "url": "https://bugzilla.suse.com/911792" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7691", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7691", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7691", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2015-11-20T09:21:30Z", "details": "important" } ], "title": "CVE-2015-7691" }, { "cve": "CVE-2015-7692", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7692" } ], "notes": [ { "category": "general", "text": "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7692", "url": "https://www.suse.com/security/cve/CVE-2015-7692" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7692", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 911792 for CVE-2015-7692", "url": "https://bugzilla.suse.com/911792" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7692", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7692", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7692", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2015-11-20T09:21:30Z", "details": "important" } ], "title": "CVE-2015-7692" }, { "cve": "CVE-2015-7701", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7701" } ], "notes": [ { "category": "general", "text": "Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7701", "url": "https://www.suse.com/security/cve/CVE-2015-7701" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7701", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7701", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7701", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7701", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2015-11-20T09:21:30Z", "details": "important" } ], "title": "CVE-2015-7701" }, { "cve": "CVE-2015-7702", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7702" } ], "notes": [ { "category": "general", "text": "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7702", "url": "https://www.suse.com/security/cve/CVE-2015-7702" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7702", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 911792 for CVE-2015-7702", "url": "https://bugzilla.suse.com/911792" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7702", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7702", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7702", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2015-11-20T09:21:30Z", "details": "important" } ], "title": "CVE-2015-7702" }, { "cve": "CVE-2015-7703", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7703" } ], "notes": [ { "category": "general", "text": "The \"pidfile\" or \"driftfile\" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7703", "url": "https://www.suse.com/security/cve/CVE-2015-7703" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7703", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 943216 for CVE-2015-7703", "url": "https://bugzilla.suse.com/943216" }, { "category": "external", "summary": "SUSE Bug 943218 for CVE-2015-7703", "url": "https://bugzilla.suse.com/943218" }, { "category": "external", "summary": "SUSE Bug 943219 for CVE-2015-7703", "url": "https://bugzilla.suse.com/943219" }, { "category": "external", "summary": "SUSE Bug 943221 for CVE-2015-7703", "url": "https://bugzilla.suse.com/943221" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7703", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7703", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2015-11-20T09:21:30Z", "details": "moderate" } ], "title": "CVE-2015-7703" }, { "cve": "CVE-2015-7704", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7704" } ], "notes": [ { "category": "general", "text": "The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted \"KOD\" messages.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7704", "url": "https://www.suse.com/security/cve/CVE-2015-7704" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7704", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7704", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 952611 for CVE-2015-7704", "url": "https://bugzilla.suse.com/952611" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7704", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2015-7704", "url": "https://bugzilla.suse.com/977446" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2015-11-20T09:21:30Z", "details": "important" } ], "title": "CVE-2015-7704" }, { "cve": "CVE-2015-7705", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7705" } ], "notes": [ { "category": "general", "text": "The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7705", "url": "https://www.suse.com/security/cve/CVE-2015-7705" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7705", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7705", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 952611 for CVE-2015-7705", "url": "https://bugzilla.suse.com/952611" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7705", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2015-11-20T09:21:30Z", "details": "critical" } ], "title": "CVE-2015-7705" }, { "cve": "CVE-2015-7848", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7848" } ], "notes": [ { "category": "general", "text": "An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7848", "url": "https://www.suse.com/security/cve/CVE-2015-7848" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7848", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7848", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7848", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7848", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2015-11-20T09:21:30Z", "details": "moderate" } ], "title": "CVE-2015-7848" }, { "cve": "CVE-2015-7849", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7849" } ], "notes": [ { "category": "general", "text": "Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7849", "url": "https://www.suse.com/security/cve/CVE-2015-7849" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7849", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7849", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7849", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7849", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2015-11-20T09:21:30Z", "details": "important" } ], "title": "CVE-2015-7849" }, { "cve": "CVE-2015-7850", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7850" } ], "notes": [ { "category": "general", "text": "ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7850", "url": "https://www.suse.com/security/cve/CVE-2015-7850" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7850", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7850", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7850", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7850", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2015-11-20T09:21:30Z", "details": "moderate" } ], "title": "CVE-2015-7850" }, { "cve": "CVE-2015-7851", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7851" } ], "notes": [ { "category": "general", "text": "Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use \u0027\\\u0027 or \u0027/\u0027 characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7851", "url": "https://www.suse.com/security/cve/CVE-2015-7851" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7851", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7851", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7851", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2015-11-20T09:21:30Z", "details": "moderate" } ], "title": "CVE-2015-7851" }, { "cve": "CVE-2015-7852", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7852" } ], "notes": [ { "category": "general", "text": "ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7852", "url": "https://www.suse.com/security/cve/CVE-2015-7852" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7852", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7852", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7852", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7852", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2015-11-20T09:21:30Z", "details": "moderate" } ], "title": "CVE-2015-7852" }, { "cve": "CVE-2015-7853", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7853" } ], "notes": [ { "category": "general", "text": "The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7853", "url": "https://www.suse.com/security/cve/CVE-2015-7853" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7853", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7853", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7853", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7853", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2015-11-20T09:21:30Z", "details": "critical" } ], "title": "CVE-2015-7853" }, { "cve": "CVE-2015-7854", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7854" } ], "notes": [ { "category": "general", "text": "Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7854", "url": "https://www.suse.com/security/cve/CVE-2015-7854" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7854", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7854", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7854", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7854", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2015-11-20T09:21:30Z", "details": "important" } ], "title": "CVE-2015-7854" }, { "cve": "CVE-2015-7855", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7855" } ], "notes": [ { "category": "general", "text": "The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7855", "url": "https://www.suse.com/security/cve/CVE-2015-7855" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7855", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7855", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7855", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7855", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2015-11-20T09:21:30Z", "details": "moderate" } ], "title": "CVE-2015-7855" }, { "cve": "CVE-2015-7871", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7871" } ], "notes": [ { "category": "general", "text": "Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7871", "url": "https://www.suse.com/security/cve/CVE-2015-7871" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7871", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7871", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 952606 for CVE-2015-7871", "url": "https://bugzilla.suse.com/952606" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7871", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2015-11-20T09:21:30Z", "details": "critical" } ], "title": "CVE-2015-7871" } ] }
suse-su-2016:1247-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for ntp", "title": "Title of the patch" }, { "category": "description", "text": "ntp was updated to version 4.2.8p6 to fix 28 security issues.\n\nMajor functional changes:\n- The \u0027sntp\u0027 commandline tool changed its option handling in a major way,\n some options have been renamed or dropped.\n- \u0027controlkey 1\u0027 is added during update to ntp.conf to allow sntp to work.\n- The local clock is being disabled during update.\n- ntpd is no longer running chrooted.\n\nOther functional changes:\n- ntp-signd is installed.\n- \u0027enable mode7\u0027 can be added to the configuration to allow ntdpc to work as compatibility mode option.\n- \u0027kod\u0027 was removed from the default restrictions.\n- SHA1 keys are used by default instead of MD5 keys.\n\nAlso yast2-ntp-client was updated to match some sntp syntax changes. (bsc#937837)\n\nThese security issues were fixed:\n- CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966).\n- CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).\n- CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode (bsc#962784).\n- CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list (bsc#963000).\n- CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).\n- CVE-2015-7976: ntpq saveconfig command allows dangerous characters in filenames (bsc#962802).\n- CVE-2015-7975: nextvar() missing length check (bsc#962988).\n- CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between authenticated peers (bsc#962960).\n- CVE-2015-7973: Replay attack on authenticated broadcast mode (bsc#962995).\n- CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994).\n- CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997).\n- CVE-2015-5300: MITM attacker could have forced ntpd to make a step larger than the panic threshold (bsc#951629).\n- CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK (bsc#951608).\n- CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (bsc#951608).\n- CVE-2015-7854: Password Length Memory Corruption Vulnerability (bsc#951608).\n- CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow (bsc#951608).\n- CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability (bsc#951608).\n- CVE-2015-7851: saveconfig Directory Traversal Vulnerability (bsc#951608).\n- CVE-2015-7850: remote config logfile-keyfile (bsc#951608).\n- CVE-2015-7849: trusted key use-after-free (bsc#951608).\n- CVE-2015-7848: mode 7 loop counter underrun (bsc#951608).\n- CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#951608).\n- CVE-2015-7703: configuration directives \u0027pidfile\u0027 and \u0027driftfile\u0027 should only be allowed locally (bsc#951608).\n- CVE-2015-7704, CVE-2015-7705: Clients that receive a KoD should validate the origin timestamp field (bsc#951608).\n- CVE-2015-7691, CVE-2015-7692, CVE-2015-7702: Incomplete autokey data packet length checks (bsc#951608).\n\nThese non-security issues were fixed:\n- fate#320758 bsc#975981: Enable compile-time support for MS-SNTP (--enable-ntp-signd).\n This replaces the w32 patches in 4.2.4 that added the authreg\n directive.\n- bsc#962318: Call /usr/sbin/sntp with full path to synchronize in start-ntpd.\n When run as cron job, /usr/sbin/ is not in the path, which caused\n the synchronization to fail.\n- bsc#782060: Speedup ntpq.\n- bsc#916617: Add /var/db/ntp-kod.\n- bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen quite a lot on loaded systems.\n- bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST.\n- Add ntp-fork.patch and build with threads disabled to allow name resolution even when running chrooted.\n- Add a controlkey line to /etc/ntp.conf if one does not already exist to allow runtime configuuration via ntpq.\n- bsc#946386: Temporarily disable memlock to avoid problems due to high memory usage during name resolution.\n- bsc#905885: Use SHA1 instead of MD5 for symmetric keys.\n- Improve runtime configuration:\n * Read keytype from ntp.conf\n * Don\u0027t write ntp keys to syslog.\n- Fix legacy action scripts to pass on command line arguments.\n- bsc#944300: Remove \u0027kod\u0027 from the restrict line in ntp.conf.\n- bsc#936327: Use ntpq instead of deprecated ntpdc in start-ntpd.\n- Add a controlkey to ntp.conf to make the above work.\n- Don\u0027t let \u0027keysdir\u0027 lines in ntp.conf trigger the \u0027keys\u0027 parser.\n- Disable mode 7 (ntpdc) again, now that we don\u0027t use it anymore.\n- Add \u0027addserver\u0027 as a new legacy action.\n- bsc#910063: Fix the comment regarding addserver in ntp.conf.\n- bsc#926510: Disable chroot by default.\n- bsc#920238: Enable ntpdc for backwards compatibility.\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-SLE-DESKTOP-12-2016-727,SUSE-SLE-SDK-12-2016-727,SUSE-SLE-SERVER-12-2016-727", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_1247-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2016:1247-1", "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20161247-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2016:1247-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2016-May/002043.html" }, { "category": "self", "summary": "SUSE Bug 782060", "url": "https://bugzilla.suse.com/782060" }, { "category": "self", "summary": "SUSE Bug 905885", "url": "https://bugzilla.suse.com/905885" }, { "category": "self", "summary": "SUSE Bug 910063", "url": "https://bugzilla.suse.com/910063" }, { "category": "self", "summary": "SUSE Bug 916617", "url": "https://bugzilla.suse.com/916617" }, { "category": "self", "summary": "SUSE Bug 920238", "url": "https://bugzilla.suse.com/920238" }, { "category": "self", "summary": "SUSE Bug 926510", "url": "https://bugzilla.suse.com/926510" }, { "category": "self", "summary": "SUSE Bug 936327", "url": "https://bugzilla.suse.com/936327" }, { "category": "self", "summary": "SUSE Bug 937837", "url": "https://bugzilla.suse.com/937837" }, { "category": "self", "summary": "SUSE Bug 942587", "url": "https://bugzilla.suse.com/942587" }, { "category": "self", "summary": "SUSE Bug 944300", "url": "https://bugzilla.suse.com/944300" }, { "category": "self", "summary": "SUSE Bug 946386", "url": "https://bugzilla.suse.com/946386" }, { "category": "self", "summary": "SUSE Bug 951559", "url": "https://bugzilla.suse.com/951559" }, { "category": "self", "summary": "SUSE Bug 951608", "url": "https://bugzilla.suse.com/951608" }, { "category": "self", "summary": "SUSE Bug 951629", "url": "https://bugzilla.suse.com/951629" }, { "category": "self", "summary": "SUSE Bug 954982", "url": "https://bugzilla.suse.com/954982" }, { "category": "self", "summary": "SUSE Bug 956773", "url": "https://bugzilla.suse.com/956773" }, { "category": "self", "summary": "SUSE Bug 962318", "url": "https://bugzilla.suse.com/962318" }, { "category": "self", "summary": "SUSE Bug 962784", "url": "https://bugzilla.suse.com/962784" }, { "category": "self", "summary": "SUSE Bug 962802", "url": "https://bugzilla.suse.com/962802" }, { "category": "self", "summary": "SUSE Bug 962960", "url": "https://bugzilla.suse.com/962960" }, { "category": "self", "summary": "SUSE Bug 962966", "url": "https://bugzilla.suse.com/962966" }, { "category": "self", "summary": "SUSE Bug 962970", "url": "https://bugzilla.suse.com/962970" }, { "category": "self", "summary": "SUSE Bug 962988", "url": "https://bugzilla.suse.com/962988" }, { "category": "self", "summary": "SUSE Bug 962994", "url": "https://bugzilla.suse.com/962994" }, { "category": "self", "summary": "SUSE Bug 962995", "url": "https://bugzilla.suse.com/962995" }, { "category": "self", "summary": "SUSE Bug 962997", "url": "https://bugzilla.suse.com/962997" }, { "category": "self", "summary": "SUSE Bug 963000", "url": "https://bugzilla.suse.com/963000" }, { "category": "self", "summary": "SUSE Bug 963002", "url": "https://bugzilla.suse.com/963002" }, { "category": "self", "summary": "SUSE Bug 975496", "url": "https://bugzilla.suse.com/975496" }, { "category": "self", "summary": "SUSE Bug 975981", "url": "https://bugzilla.suse.com/975981" }, { "category": "self", "summary": "SUSE CVE CVE-2015-5300 page", "url": "https://www.suse.com/security/cve/CVE-2015-5300/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7691 page", "url": "https://www.suse.com/security/cve/CVE-2015-7691/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7692 page", "url": "https://www.suse.com/security/cve/CVE-2015-7692/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7701 page", "url": "https://www.suse.com/security/cve/CVE-2015-7701/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7702 page", "url": "https://www.suse.com/security/cve/CVE-2015-7702/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7703 page", "url": "https://www.suse.com/security/cve/CVE-2015-7703/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7704 page", "url": "https://www.suse.com/security/cve/CVE-2015-7704/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7705 page", "url": "https://www.suse.com/security/cve/CVE-2015-7705/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7848 page", "url": "https://www.suse.com/security/cve/CVE-2015-7848/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7849 page", "url": "https://www.suse.com/security/cve/CVE-2015-7849/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7850 page", "url": "https://www.suse.com/security/cve/CVE-2015-7850/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7851 page", "url": "https://www.suse.com/security/cve/CVE-2015-7851/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7852 page", "url": "https://www.suse.com/security/cve/CVE-2015-7852/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7853 page", "url": "https://www.suse.com/security/cve/CVE-2015-7853/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7854 page", "url": "https://www.suse.com/security/cve/CVE-2015-7854/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7855 page", "url": "https://www.suse.com/security/cve/CVE-2015-7855/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7871 page", "url": "https://www.suse.com/security/cve/CVE-2015-7871/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7973 page", "url": "https://www.suse.com/security/cve/CVE-2015-7973/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7974 page", "url": "https://www.suse.com/security/cve/CVE-2015-7974/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7975 page", "url": "https://www.suse.com/security/cve/CVE-2015-7975/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7976 page", "url": "https://www.suse.com/security/cve/CVE-2015-7976/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7977 page", "url": "https://www.suse.com/security/cve/CVE-2015-7977/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7978 page", "url": "https://www.suse.com/security/cve/CVE-2015-7978/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7979 page", "url": "https://www.suse.com/security/cve/CVE-2015-7979/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-8138 page", "url": "https://www.suse.com/security/cve/CVE-2015-8138/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-8139 page", "url": "https://www.suse.com/security/cve/CVE-2015-8139/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-8140 page", "url": "https://www.suse.com/security/cve/CVE-2015-8140/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-8158 page", "url": "https://www.suse.com/security/cve/CVE-2015-8158/" } ], "title": "Security update for ntp", "tracking": { "current_release_date": "2016-05-06T07:50:51Z", "generator": { "date": "2016-05-06T07:50:51Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2016:1247-1", "initial_release_date": "2016-05-06T07:50:51Z", "revision_history": [ { "date": "2016-05-06T07:50:51Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "yast2-ntp-client-3.1.12.4-8.2.noarch", "product": { "name": "yast2-ntp-client-3.1.12.4-8.2.noarch", "product_id": "yast2-ntp-client-3.1.12.4-8.2.noarch" } }, { "category": "product_version", "name": "yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", "product": { "name": "yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", "product_id": "yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p6-46.5.2.ppc64le", "product": { "name": "ntp-4.2.8p6-46.5.2.ppc64le", "product_id": "ntp-4.2.8p6-46.5.2.ppc64le" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p6-46.5.2.ppc64le", "product": { "name": "ntp-doc-4.2.8p6-46.5.2.ppc64le", "product_id": "ntp-doc-4.2.8p6-46.5.2.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p6-46.5.2.s390x", "product": { "name": "ntp-4.2.8p6-46.5.2.s390x", "product_id": "ntp-4.2.8p6-46.5.2.s390x" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p6-46.5.2.s390x", "product": { "name": "ntp-doc-4.2.8p6-46.5.2.s390x", "product_id": "ntp-doc-4.2.8p6-46.5.2.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p6-46.5.2.x86_64", "product": { "name": "ntp-4.2.8p6-46.5.2.x86_64", "product_id": "ntp-4.2.8p6-46.5.2.x86_64" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p6-46.5.2.x86_64", "product": { "name": "ntp-doc-4.2.8p6-46.5.2.x86_64", "product_id": "ntp-doc-4.2.8p6-46.5.2.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Desktop 12", "product": { "name": "SUSE Linux Enterprise Desktop 12", "product_id": "SUSE Linux Enterprise Desktop 12", "product_identification_helper": { "cpe": "cpe:/o:suse:sled:12" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Software Development Kit 12", "product": { "name": "SUSE Linux Enterprise Software Development Kit 12", "product_id": "SUSE Linux Enterprise Software Development Kit 12", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-sdk:12" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 12", "product": { "name": "SUSE Linux Enterprise Server 12", "product_id": "SUSE Linux Enterprise Server 12", "product_identification_helper": { "cpe": "cpe:/o:suse:sles:12" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 12", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 12", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:12" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p6-46.5.2.x86_64 as component of SUSE Linux Enterprise Desktop 12", "product_id": "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64" }, "product_reference": "ntp-4.2.8p6-46.5.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p6-46.5.2.x86_64 as component of SUSE Linux Enterprise Desktop 12", "product_id": "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64" }, "product_reference": "ntp-doc-4.2.8p6-46.5.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12" }, { "category": "default_component_of", "full_product_name": { "name": "yast2-ntp-client-3.1.12.4-8.2.noarch as component of SUSE Linux Enterprise Desktop 12", "product_id": "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch" }, "product_reference": "yast2-ntp-client-3.1.12.4-8.2.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12" }, { "category": "default_component_of", "full_product_name": { "name": "yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch as component of SUSE Linux Enterprise Software Development Kit 12", "product_id": "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" }, "product_reference": "yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p6-46.5.2.ppc64le as component of SUSE Linux Enterprise Server 12", "product_id": "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le" }, "product_reference": "ntp-4.2.8p6-46.5.2.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p6-46.5.2.s390x as component of SUSE Linux Enterprise Server 12", "product_id": "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x" }, "product_reference": "ntp-4.2.8p6-46.5.2.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p6-46.5.2.x86_64 as component of SUSE Linux Enterprise Server 12", "product_id": "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64" }, "product_reference": "ntp-4.2.8p6-46.5.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p6-46.5.2.ppc64le as component of SUSE Linux Enterprise Server 12", "product_id": "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le" }, "product_reference": "ntp-doc-4.2.8p6-46.5.2.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p6-46.5.2.s390x as component of SUSE Linux Enterprise Server 12", "product_id": "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x" }, "product_reference": "ntp-doc-4.2.8p6-46.5.2.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p6-46.5.2.x86_64 as component of SUSE Linux Enterprise Server 12", "product_id": "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64" }, "product_reference": "ntp-doc-4.2.8p6-46.5.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12" }, { "category": "default_component_of", "full_product_name": { "name": "yast2-ntp-client-3.1.12.4-8.2.noarch as component of SUSE Linux Enterprise Server 12", "product_id": "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch" }, "product_reference": "yast2-ntp-client-3.1.12.4-8.2.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Server 12" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p6-46.5.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le" }, "product_reference": "ntp-4.2.8p6-46.5.2.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p6-46.5.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x" }, "product_reference": "ntp-4.2.8p6-46.5.2.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p6-46.5.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64" }, "product_reference": "ntp-4.2.8p6-46.5.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p6-46.5.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le" }, "product_reference": "ntp-doc-4.2.8p6-46.5.2.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p6-46.5.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x" }, "product_reference": "ntp-doc-4.2.8p6-46.5.2.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p6-46.5.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64" }, "product_reference": "ntp-doc-4.2.8p6-46.5.2.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12" }, { "category": "default_component_of", "full_product_name": { "name": "yast2-ntp-client-3.1.12.4-8.2.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch" }, "product_reference": "yast2-ntp-client-3.1.12.4-8.2.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12" } ] }, "vulnerabilities": [ { "cve": "CVE-2015-5300", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-5300" } ], "notes": [ { "category": "general", "text": "The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2015-5300", "url": "https://www.suse.com/security/cve/CVE-2015-5300" }, { "category": "external", "summary": "SUSE Bug 951629 for CVE-2015-5300", "url": "https://bugzilla.suse.com/951629" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-5300", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962624 for CVE-2015-5300", "url": "https://bugzilla.suse.com/962624" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "threats": [ { "category": "impact", "date": "2016-05-06T07:50:51Z", "details": "moderate" } ], "title": "CVE-2015-5300" }, { "cve": "CVE-2015-7691", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7691" } ], "notes": [ { "category": "general", "text": "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7691", "url": "https://www.suse.com/security/cve/CVE-2015-7691" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7691", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 911792 for CVE-2015-7691", "url": "https://bugzilla.suse.com/911792" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7691", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7691", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7691", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "threats": [ { "category": "impact", "date": "2016-05-06T07:50:51Z", "details": "important" } ], "title": "CVE-2015-7691" }, { "cve": "CVE-2015-7692", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7692" } ], "notes": [ { "category": "general", "text": "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7692", "url": "https://www.suse.com/security/cve/CVE-2015-7692" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7692", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 911792 for CVE-2015-7692", "url": "https://bugzilla.suse.com/911792" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7692", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7692", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7692", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "threats": [ { "category": "impact", "date": "2016-05-06T07:50:51Z", "details": "important" } ], "title": "CVE-2015-7692" }, { "cve": "CVE-2015-7701", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7701" } ], "notes": [ { "category": "general", "text": "Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7701", "url": "https://www.suse.com/security/cve/CVE-2015-7701" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7701", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7701", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7701", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7701", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "threats": [ { "category": "impact", "date": "2016-05-06T07:50:51Z", "details": "important" } ], "title": "CVE-2015-7701" }, { "cve": "CVE-2015-7702", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7702" } ], "notes": [ { "category": "general", "text": "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7702", "url": "https://www.suse.com/security/cve/CVE-2015-7702" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7702", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 911792 for CVE-2015-7702", "url": "https://bugzilla.suse.com/911792" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7702", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7702", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7702", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "threats": [ { "category": "impact", "date": "2016-05-06T07:50:51Z", "details": "important" } ], "title": "CVE-2015-7702" }, { "cve": "CVE-2015-7703", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7703" } ], "notes": [ { "category": "general", "text": "The \"pidfile\" or \"driftfile\" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7703", "url": "https://www.suse.com/security/cve/CVE-2015-7703" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7703", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 943216 for CVE-2015-7703", "url": "https://bugzilla.suse.com/943216" }, { "category": "external", "summary": "SUSE Bug 943218 for CVE-2015-7703", "url": "https://bugzilla.suse.com/943218" }, { "category": "external", "summary": "SUSE Bug 943219 for CVE-2015-7703", "url": "https://bugzilla.suse.com/943219" }, { "category": "external", "summary": "SUSE Bug 943221 for CVE-2015-7703", "url": "https://bugzilla.suse.com/943221" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7703", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7703", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "threats": [ { "category": "impact", "date": "2016-05-06T07:50:51Z", "details": "moderate" } ], "title": "CVE-2015-7703" }, { "cve": "CVE-2015-7704", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7704" } ], "notes": [ { "category": "general", "text": "The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted \"KOD\" messages.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7704", "url": "https://www.suse.com/security/cve/CVE-2015-7704" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7704", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7704", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 952611 for CVE-2015-7704", "url": "https://bugzilla.suse.com/952611" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7704", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2015-7704", "url": "https://bugzilla.suse.com/977446" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "threats": [ { "category": "impact", "date": "2016-05-06T07:50:51Z", "details": "important" } ], "title": "CVE-2015-7704" }, { "cve": "CVE-2015-7705", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7705" } ], "notes": [ { "category": "general", "text": "The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7705", "url": "https://www.suse.com/security/cve/CVE-2015-7705" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7705", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7705", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 952611 for CVE-2015-7705", "url": "https://bugzilla.suse.com/952611" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7705", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "threats": [ { "category": "impact", "date": "2016-05-06T07:50:51Z", "details": "critical" } ], "title": "CVE-2015-7705" }, { "cve": "CVE-2015-7848", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7848" } ], "notes": [ { "category": "general", "text": "An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7848", "url": "https://www.suse.com/security/cve/CVE-2015-7848" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7848", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7848", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7848", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7848", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "threats": [ { "category": "impact", "date": "2016-05-06T07:50:51Z", "details": "moderate" } ], "title": "CVE-2015-7848" }, { "cve": "CVE-2015-7849", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7849" } ], "notes": [ { "category": "general", "text": "Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7849", "url": "https://www.suse.com/security/cve/CVE-2015-7849" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7849", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7849", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7849", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7849", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "threats": [ { "category": "impact", "date": "2016-05-06T07:50:51Z", "details": "important" } ], "title": "CVE-2015-7849" }, { "cve": "CVE-2015-7850", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7850" } ], "notes": [ { "category": "general", "text": "ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7850", "url": "https://www.suse.com/security/cve/CVE-2015-7850" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7850", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7850", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7850", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7850", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "threats": [ { "category": "impact", "date": "2016-05-06T07:50:51Z", "details": "moderate" } ], "title": "CVE-2015-7850" }, { "cve": "CVE-2015-7851", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7851" } ], "notes": [ { "category": "general", "text": "Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use \u0027\\\u0027 or \u0027/\u0027 characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7851", "url": "https://www.suse.com/security/cve/CVE-2015-7851" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7851", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7851", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7851", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "threats": [ { "category": "impact", "date": "2016-05-06T07:50:51Z", "details": "moderate" } ], "title": "CVE-2015-7851" }, { "cve": "CVE-2015-7852", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7852" } ], "notes": [ { "category": "general", "text": "ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7852", "url": "https://www.suse.com/security/cve/CVE-2015-7852" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7852", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7852", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7852", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7852", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "threats": [ { "category": "impact", "date": "2016-05-06T07:50:51Z", "details": "moderate" } ], "title": "CVE-2015-7852" }, { "cve": "CVE-2015-7853", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7853" } ], "notes": [ { "category": "general", "text": "The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7853", "url": "https://www.suse.com/security/cve/CVE-2015-7853" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7853", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7853", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7853", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7853", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "threats": [ { "category": "impact", "date": "2016-05-06T07:50:51Z", "details": "critical" } ], "title": "CVE-2015-7853" }, { "cve": "CVE-2015-7854", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7854" } ], "notes": [ { "category": "general", "text": "Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7854", "url": "https://www.suse.com/security/cve/CVE-2015-7854" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7854", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7854", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7854", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7854", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "threats": [ { "category": "impact", "date": "2016-05-06T07:50:51Z", "details": "important" } ], "title": "CVE-2015-7854" }, { "cve": "CVE-2015-7855", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7855" } ], "notes": [ { "category": "general", "text": "The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7855", "url": "https://www.suse.com/security/cve/CVE-2015-7855" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7855", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7855", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7855", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7855", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "threats": [ { "category": "impact", "date": "2016-05-06T07:50:51Z", "details": "moderate" } ], "title": "CVE-2015-7855" }, { "cve": "CVE-2015-7871", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7871" } ], "notes": [ { "category": "general", "text": "Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7871", "url": "https://www.suse.com/security/cve/CVE-2015-7871" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7871", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7871", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 952606 for CVE-2015-7871", "url": "https://bugzilla.suse.com/952606" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7871", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "threats": [ { "category": "impact", "date": "2016-05-06T07:50:51Z", "details": "critical" } ], "title": "CVE-2015-7871" }, { "cve": "CVE-2015-7973", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7973" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7973", "url": "https://www.suse.com/security/cve/CVE-2015-7973" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7973", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7973", "url": "https://bugzilla.suse.com/962995" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "threats": [ { "category": "impact", "date": "2016-05-06T07:50:51Z", "details": "moderate" } ], "title": "CVE-2015-7973" }, { "cve": "CVE-2015-7974", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7974" } ], "notes": [ { "category": "general", "text": "NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a \"skeleton key.\"", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7974", "url": "https://www.suse.com/security/cve/CVE-2015-7974" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7974", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962960 for CVE-2015-7974", "url": "https://bugzilla.suse.com/962960" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7974", "url": "https://bugzilla.suse.com/962995" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "threats": [ { "category": "impact", "date": "2016-05-06T07:50:51Z", "details": "low" } ], "title": "CVE-2015-7974" }, { "cve": "CVE-2015-7975", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7975" } ], "notes": [ { "category": "general", "text": "The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash).", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7975", "url": "https://www.suse.com/security/cve/CVE-2015-7975" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7975", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962988 for CVE-2015-7975", "url": "https://bugzilla.suse.com/962988" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7975", "url": "https://bugzilla.suse.com/962995" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "threats": [ { "category": "impact", "date": "2016-05-06T07:50:51Z", "details": "low" } ], "title": "CVE-2015-7975" }, { "cve": "CVE-2015-7976", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7976" } ], "notes": [ { "category": "general", "text": "The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7976", "url": "https://www.suse.com/security/cve/CVE-2015-7976" }, { "category": "external", "summary": "SUSE Bug 962802 for CVE-2015-7976", "url": "https://bugzilla.suse.com/962802" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7976", "url": "https://bugzilla.suse.com/962995" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "threats": [ { "category": "impact", "date": "2016-05-06T07:50:51Z", "details": "low" } ], "title": "CVE-2015-7976" }, { "cve": "CVE-2015-7977", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7977" } ], "notes": [ { "category": "general", "text": "ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7977", "url": "https://www.suse.com/security/cve/CVE-2015-7977" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7977", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962970 for CVE-2015-7977", "url": "https://bugzilla.suse.com/962970" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7977", "url": "https://bugzilla.suse.com/962995" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "threats": [ { "category": "impact", "date": "2016-05-06T07:50:51Z", "details": "moderate" } ], "title": "CVE-2015-7977" }, { "cve": "CVE-2015-7978", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7978" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7978", "url": "https://www.suse.com/security/cve/CVE-2015-7978" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7978", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962970 for CVE-2015-7978", "url": "https://bugzilla.suse.com/962970" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7978", "url": "https://bugzilla.suse.com/962995" }, { "category": "external", "summary": "SUSE Bug 963000 for CVE-2015-7978", "url": "https://bugzilla.suse.com/963000" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "threats": [ { "category": "impact", "date": "2016-05-06T07:50:51Z", "details": "moderate" } ], "title": "CVE-2015-7978" }, { "cve": "CVE-2015-7979", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7979" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7979", "url": "https://www.suse.com/security/cve/CVE-2015-7979" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7979", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962784 for CVE-2015-7979", "url": "https://bugzilla.suse.com/962784" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7979", "url": "https://bugzilla.suse.com/962995" }, { "category": "external", "summary": "SUSE Bug 977459 for CVE-2015-7979", "url": "https://bugzilla.suse.com/977459" }, { "category": "external", "summary": "SUSE Bug 982065 for CVE-2015-7979", "url": "https://bugzilla.suse.com/982065" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "threats": [ { "category": "impact", "date": "2016-05-06T07:50:51Z", "details": "moderate" } ], "title": "CVE-2015-7979" }, { "cve": "CVE-2015-8138", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8138" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8138", "url": "https://www.suse.com/security/cve/CVE-2015-8138" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-8138", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-8138", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 963002 for CVE-2015-8138", "url": "https://bugzilla.suse.com/963002" }, { "category": "external", "summary": "SUSE Bug 974668 for CVE-2015-8138", "url": "https://bugzilla.suse.com/974668" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2015-8138", "url": "https://bugzilla.suse.com/977446" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "threats": [ { "category": "impact", "date": "2016-05-06T07:50:51Z", "details": "moderate" } ], "title": "CVE-2015-8138" }, { "cve": "CVE-2015-8139", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8139" } ], "notes": [ { "category": "general", "text": "ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8139", "url": "https://www.suse.com/security/cve/CVE-2015-8139" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-8139", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-8139", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962997 for CVE-2015-8139", "url": "https://bugzilla.suse.com/962997" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "threats": [ { "category": "impact", "date": "2016-05-06T07:50:51Z", "details": "moderate" } ], "title": "CVE-2015-8139" }, { "cve": "CVE-2015-8140", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8140" } ], "notes": [ { "category": "general", "text": "The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8140", "url": "https://www.suse.com/security/cve/CVE-2015-8140" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-8140", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-8140", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962994 for CVE-2015-8140", "url": "https://bugzilla.suse.com/962994" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "threats": [ { "category": "impact", "date": "2016-05-06T07:50:51Z", "details": "moderate" } ], "title": "CVE-2015-8140" }, { "cve": "CVE-2015-8158", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8158" } ], "notes": [ { "category": "general", "text": "The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8158", "url": "https://www.suse.com/security/cve/CVE-2015-8158" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-8158", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962966 for CVE-2015-8158", "url": "https://bugzilla.suse.com/962966" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch" ] } ], "threats": [ { "category": "impact", "date": "2016-05-06T07:50:51Z", "details": "low" } ], "title": "CVE-2015-8158" } ] }
suse-su-2016:1311-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for ntp", "title": "Title of the patch" }, { "category": "description", "text": "\nThis network time protocol server ntp was updated to 4.2.8p6 to fix the following\nissues:\n\nAlso yast2-ntp-client was updated to match some sntp syntax changes. (bsc#937837)\n\nMajor functional changes:\n- The \u0027sntp\u0027 commandline tool changed its option handling in a major way.\n- \u0027controlkey 1\u0027 is added during update to ntp.conf to allow sntp to work.\n- The local clock is being disabled during update.\n- ntpd is no longer running chrooted.\n\n\nOther functional changes:\n- ntp-signd is installed.\n- \u0027enable mode7\u0027 can be added to the configuration to allow ntdpc to work as compatibility mode option.\n- \u0027kod\u0027 was removed from the default restrictions.\n- SHA1 keys are used by default instead of MD5 keys.\n\nThese security issues were fixed:\n- CVE-2015-5219: An endless loop due to incorrect precision to double conversion (bsc#943216).\n- CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966).\n- CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).\n- CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode (bsc#962784).\n- CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list (bsc#963000).\n- CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).\n- CVE-2015-7976: ntpq saveconfig command allows dangerous characters in filenames (bsc#962802).\n- CVE-2015-7975: nextvar() missing length check (bsc#962988).\n- CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between authenticated peers (bsc#962960).\n- CVE-2015-7973: Replay attack on authenticated broadcast mode (bsc#962995).\n- CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994).\n- CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997).\n- CVE-2015-5300: MITM attacker could have forced ntpd to make a step larger than the panic threshold (bsc#951629).\n- CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK (bsc#951608).\n- CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (bsc#951608).\n- CVE-2015-7854: Password Length Memory Corruption Vulnerability (bsc#951608).\n- CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow (bsc#951608).\n- CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability (bsc#951608).\n- CVE-2015-7851: saveconfig Directory Traversal Vulnerability (bsc#951608).\n- CVE-2015-7850: remote config logfile-keyfile (bsc#951608).\n- CVE-2015-7849: trusted key use-after-free (bsc#951608).\n- CVE-2015-7848: mode 7 loop counter underrun (bsc#951608).\n- CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#951608).\n- CVE-2015-7703: configuration directives \u0027pidfile\u0027 and \u0027driftfile\u0027 should only be allowed locally (bsc#951608).\n- CVE-2015-7704, CVE-2015-7705: Clients that receive a KoD should validate the origin timestamp field (bsc#951608).\n- CVE-2015-7691, CVE-2015-7692, CVE-2015-7702: Incomplete autokey data packet length checks (bsc#951608).\n\nThese non-security issues were fixed:\n- fate#320758 bsc#975981: Enable compile-time support for MS-SNTP (--enable-ntp-signd).\n This replaces the w32 patches in 4.2.4 that added the authreg\n directive.\n- bsc#962318: Call /usr/sbin/sntp with full path to synchronize in start-ntpd.\n When run as cron job, /usr/sbin/ is not in the path, which caused\n the synchronization to fail.\n- bsc#782060: Speedup ntpq.\n- bsc#916617: Add /var/db/ntp-kod.\n- bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen quite a lot on loaded systems.\n- bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST.\n- Add ntp-fork.patch and build with threads disabled to allow name resolution even when running chrooted.\n- Add a controlkey line to /etc/ntp.conf if one does not already exist to allow runtime configuuration via ntpq.\n- bsc#946386: Temporarily disable memlock to avoid problems due to high memory usage during name resolution.\n- bsc#905885: Use SHA1 instead of MD5 for symmetric keys.\n- Improve runtime configuration:\n * Read keytype from ntp.conf\n * Don\u0027t write ntp keys to syslog.\n- Fix legacy action scripts to pass on command line arguments.\n- bsc#944300: Remove \u0027kod\u0027 from the restrict line in ntp.conf.\n- bsc#936327: Use ntpq instead of deprecated ntpdc in start-ntpd.\n- Don\u0027t let \u0027keysdir\u0027 lines in ntp.conf trigger the \u0027keys\u0027 parser.\n- Disable mode 7 (ntpdc) again, now that we don\u0027t use it anymore.\n- Add \u0027addserver\u0027 as a new legacy action.\n- bsc#910063: Fix the comment regarding addserver in ntp.conf.\n- bsc#926510: Disable chroot by default.\n- bsc#920238: Enable ntpdc for backwards compatibility.\n- bsc#784760: Remove local clock from default configuration.\n- bsc#942441/fate#319496: Require perl-Socket6.\n- Improve runtime configuration:\n * Read keytype from ntp.conf\n * Don\u0027t write ntp keys to syslog.\n- bsc#920183: Allow -4 and -6 address qualifiers in \u0027server\u0027 directives.\n- Use upstream ntp-wait, because our version is incompatible with\n the new ntpq command line syntax.\n", "title": "Description of the patch" }, { "category": "details", "text": "sleclo50sp3-ntp-12561,sleman21-ntp-12561,slemap21-ntp-12561,slessp2-ntp-12561,slessp3-ntp-12561", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_1311-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2016:1311-1", "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20161311-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2016:1311-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2016-May/002064.html" }, { "category": "self", "summary": "SUSE Bug 782060", "url": "https://bugzilla.suse.com/782060" }, { "category": "self", "summary": "SUSE Bug 784760", "url": "https://bugzilla.suse.com/784760" }, { "category": "self", "summary": "SUSE Bug 905885", "url": "https://bugzilla.suse.com/905885" }, { "category": "self", "summary": "SUSE Bug 910063", "url": "https://bugzilla.suse.com/910063" }, { "category": "self", "summary": "SUSE Bug 916617", "url": "https://bugzilla.suse.com/916617" }, { "category": "self", "summary": "SUSE Bug 920183", "url": "https://bugzilla.suse.com/920183" }, { "category": "self", "summary": "SUSE Bug 920238", "url": "https://bugzilla.suse.com/920238" }, { "category": "self", "summary": "SUSE Bug 926510", "url": "https://bugzilla.suse.com/926510" }, { "category": "self", "summary": "SUSE Bug 936327", "url": "https://bugzilla.suse.com/936327" }, { "category": "self", "summary": "SUSE Bug 937837", "url": "https://bugzilla.suse.com/937837" }, { "category": "self", "summary": "SUSE Bug 942441", "url": "https://bugzilla.suse.com/942441" }, { "category": "self", "summary": "SUSE Bug 942587", "url": "https://bugzilla.suse.com/942587" }, { "category": "self", "summary": "SUSE Bug 943216", "url": "https://bugzilla.suse.com/943216" }, { "category": "self", "summary": "SUSE Bug 943218", "url": "https://bugzilla.suse.com/943218" }, { "category": "self", "summary": "SUSE Bug 944300", "url": "https://bugzilla.suse.com/944300" }, { "category": "self", "summary": "SUSE Bug 946386", "url": "https://bugzilla.suse.com/946386" }, { "category": "self", "summary": "SUSE Bug 951351", "url": "https://bugzilla.suse.com/951351" }, { "category": "self", "summary": "SUSE Bug 951559", "url": "https://bugzilla.suse.com/951559" }, { "category": "self", "summary": "SUSE Bug 951608", "url": "https://bugzilla.suse.com/951608" }, { "category": "self", "summary": "SUSE Bug 951629", "url": "https://bugzilla.suse.com/951629" }, { "category": "self", "summary": "SUSE Bug 954982", "url": "https://bugzilla.suse.com/954982" }, { "category": "self", "summary": "SUSE Bug 956773", "url": "https://bugzilla.suse.com/956773" }, { "category": "self", "summary": "SUSE Bug 962318", "url": "https://bugzilla.suse.com/962318" }, { "category": "self", "summary": "SUSE Bug 962784", "url": "https://bugzilla.suse.com/962784" }, { "category": "self", "summary": "SUSE Bug 962802", "url": "https://bugzilla.suse.com/962802" }, { "category": "self", "summary": "SUSE Bug 962960", "url": "https://bugzilla.suse.com/962960" }, { "category": "self", "summary": "SUSE Bug 962966", "url": "https://bugzilla.suse.com/962966" }, { "category": "self", "summary": "SUSE Bug 962970", "url": "https://bugzilla.suse.com/962970" }, { "category": "self", "summary": "SUSE Bug 962988", "url": "https://bugzilla.suse.com/962988" }, { "category": "self", "summary": "SUSE Bug 962994", "url": "https://bugzilla.suse.com/962994" }, { "category": "self", "summary": "SUSE Bug 962995", "url": "https://bugzilla.suse.com/962995" }, { "category": "self", "summary": "SUSE Bug 962997", "url": "https://bugzilla.suse.com/962997" }, { "category": "self", "summary": "SUSE Bug 963000", "url": "https://bugzilla.suse.com/963000" }, { "category": "self", "summary": "SUSE Bug 963002", "url": "https://bugzilla.suse.com/963002" }, { "category": "self", "summary": "SUSE Bug 975496", "url": "https://bugzilla.suse.com/975496" }, { "category": "self", "summary": "SUSE Bug 975981", "url": "https://bugzilla.suse.com/975981" }, { "category": "self", "summary": "SUSE CVE CVE-2015-5194 page", "url": "https://www.suse.com/security/cve/CVE-2015-5194/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-5219 page", "url": "https://www.suse.com/security/cve/CVE-2015-5219/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-5300 page", "url": "https://www.suse.com/security/cve/CVE-2015-5300/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7691 page", "url": "https://www.suse.com/security/cve/CVE-2015-7691/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7692 page", "url": "https://www.suse.com/security/cve/CVE-2015-7692/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7701 page", "url": "https://www.suse.com/security/cve/CVE-2015-7701/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7702 page", "url": "https://www.suse.com/security/cve/CVE-2015-7702/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7703 page", "url": "https://www.suse.com/security/cve/CVE-2015-7703/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7704 page", "url": "https://www.suse.com/security/cve/CVE-2015-7704/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7705 page", "url": "https://www.suse.com/security/cve/CVE-2015-7705/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7848 page", "url": "https://www.suse.com/security/cve/CVE-2015-7848/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7849 page", "url": "https://www.suse.com/security/cve/CVE-2015-7849/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7850 page", "url": "https://www.suse.com/security/cve/CVE-2015-7850/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7851 page", "url": "https://www.suse.com/security/cve/CVE-2015-7851/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7852 page", "url": "https://www.suse.com/security/cve/CVE-2015-7852/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7853 page", "url": "https://www.suse.com/security/cve/CVE-2015-7853/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7854 page", "url": "https://www.suse.com/security/cve/CVE-2015-7854/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7855 page", "url": "https://www.suse.com/security/cve/CVE-2015-7855/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7871 page", "url": "https://www.suse.com/security/cve/CVE-2015-7871/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7973 page", "url": "https://www.suse.com/security/cve/CVE-2015-7973/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7974 page", "url": "https://www.suse.com/security/cve/CVE-2015-7974/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7975 page", "url": "https://www.suse.com/security/cve/CVE-2015-7975/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7976 page", "url": "https://www.suse.com/security/cve/CVE-2015-7976/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7977 page", "url": "https://www.suse.com/security/cve/CVE-2015-7977/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7978 page", "url": "https://www.suse.com/security/cve/CVE-2015-7978/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-7979 page", "url": "https://www.suse.com/security/cve/CVE-2015-7979/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-8138 page", "url": "https://www.suse.com/security/cve/CVE-2015-8138/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-8139 page", "url": "https://www.suse.com/security/cve/CVE-2015-8139/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-8140 page", "url": "https://www.suse.com/security/cve/CVE-2015-8140/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-8158 page", "url": "https://www.suse.com/security/cve/CVE-2015-8158/" } ], "title": "Security update for ntp", "tracking": { "current_release_date": "2016-05-17T09:29:35Z", "generator": { "date": "2016-05-17T09:29:35Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2016:1311-1", "initial_release_date": "2016-05-17T09:29:35Z", "revision_history": [ { "date": "2016-05-17T09:29:35Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p6-41.1.i586", "product": { "name": "ntp-4.2.8p6-41.1.i586", "product_id": "ntp-4.2.8p6-41.1.i586" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p6-41.1.i586", "product": { "name": "ntp-doc-4.2.8p6-41.1.i586", "product_id": "ntp-doc-4.2.8p6-41.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "yast2-ntp-client-2.17.14.1-1.12.1.noarch", "product": { "name": "yast2-ntp-client-2.17.14.1-1.12.1.noarch", "product_id": "yast2-ntp-client-2.17.14.1-1.12.1.noarch" } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p6-41.1.s390x", "product": { "name": "ntp-4.2.8p6-41.1.s390x", "product_id": "ntp-4.2.8p6-41.1.s390x" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p6-41.1.s390x", "product": { "name": "ntp-doc-4.2.8p6-41.1.s390x", "product_id": "ntp-doc-4.2.8p6-41.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "ntp-4.2.8p6-41.1.x86_64", "product": { "name": "ntp-4.2.8p6-41.1.x86_64", "product_id": "ntp-4.2.8p6-41.1.x86_64" } }, { "category": "product_version", "name": "ntp-doc-4.2.8p6-41.1.x86_64", "product": { "name": "ntp-doc-4.2.8p6-41.1.x86_64", "product_id": "ntp-doc-4.2.8p6-41.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE OpenStack Cloud 5", "product": { "name": "SUSE OpenStack Cloud 5", "product_id": "SUSE OpenStack Cloud 5", "product_identification_helper": { "cpe": "cpe:/o:suse:cloud:5" } } }, { "category": "product_name", "name": "SUSE Manager 2.1", "product": { "name": "SUSE Manager 2.1", "product_id": "SUSE Manager 2.1", "product_identification_helper": { "cpe": "cpe:/o:suse:suse-manager-server:2.1" } } }, { "category": "product_name", "name": "SUSE Manager Proxy 2.1", "product": { "name": "SUSE Manager Proxy 2.1", "product_id": "SUSE Manager Proxy 2.1", "product_identification_helper": { "cpe": "cpe:/o:suse:suse-manager-proxy:2.1" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 11 SP2-LTSS", "product": { "name": "SUSE Linux Enterprise Server 11 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_sles_ltss:11:sp2" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 11 SP3-LTSS", "product": { "name": "SUSE Linux Enterprise Server 11 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_sles_ltss:11:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 11 SP3-TERADATA", "product": { "name": "SUSE Linux Enterprise Server 11 SP3-TERADATA", "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA", "product_identification_helper": { "cpe": "cpe:/o:suse:sles:11:sp3:teradata" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p6-41.1.x86_64 as component of SUSE OpenStack Cloud 5", "product_id": "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64" }, "product_reference": "ntp-4.2.8p6-41.1.x86_64", "relates_to_product_reference": "SUSE OpenStack Cloud 5" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p6-41.1.x86_64 as component of SUSE OpenStack Cloud 5", "product_id": "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p6-41.1.x86_64", "relates_to_product_reference": "SUSE OpenStack Cloud 5" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p6-41.1.s390x as component of SUSE Manager 2.1", "product_id": "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x" }, "product_reference": "ntp-4.2.8p6-41.1.s390x", "relates_to_product_reference": "SUSE Manager 2.1" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p6-41.1.x86_64 as component of SUSE Manager 2.1", "product_id": "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64" }, "product_reference": "ntp-4.2.8p6-41.1.x86_64", "relates_to_product_reference": "SUSE Manager 2.1" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p6-41.1.s390x as component of SUSE Manager 2.1", "product_id": "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x" }, "product_reference": "ntp-doc-4.2.8p6-41.1.s390x", "relates_to_product_reference": "SUSE Manager 2.1" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p6-41.1.x86_64 as component of SUSE Manager 2.1", "product_id": "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p6-41.1.x86_64", "relates_to_product_reference": "SUSE Manager 2.1" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p6-41.1.x86_64 as component of SUSE Manager Proxy 2.1", "product_id": "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64" }, "product_reference": "ntp-4.2.8p6-41.1.x86_64", "relates_to_product_reference": "SUSE Manager Proxy 2.1" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p6-41.1.x86_64 as component of SUSE Manager Proxy 2.1", "product_id": "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p6-41.1.x86_64", "relates_to_product_reference": "SUSE Manager Proxy 2.1" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p6-41.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586" }, "product_reference": "ntp-4.2.8p6-41.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p6-41.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x" }, "product_reference": "ntp-4.2.8p6-41.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p6-41.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64" }, "product_reference": "ntp-4.2.8p6-41.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p6-41.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586" }, "product_reference": "ntp-doc-4.2.8p6-41.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p6-41.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x" }, "product_reference": "ntp-doc-4.2.8p6-41.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p6-41.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p6-41.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "yast2-ntp-client-2.17.14.1-1.12.1.noarch as component of SUSE Linux Enterprise Server 11 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch" }, "product_reference": "yast2-ntp-client-2.17.14.1-1.12.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p6-41.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586" }, "product_reference": "ntp-4.2.8p6-41.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p6-41.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x" }, "product_reference": "ntp-4.2.8p6-41.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p6-41.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64" }, "product_reference": "ntp-4.2.8p6-41.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p6-41.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586" }, "product_reference": "ntp-doc-4.2.8p6-41.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p6-41.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x" }, "product_reference": "ntp-doc-4.2.8p6-41.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p6-41.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p6-41.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p6-41.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586" }, "product_reference": "ntp-4.2.8p6-41.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p6-41.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x" }, "product_reference": "ntp-4.2.8p6-41.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-4.2.8p6-41.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64" }, "product_reference": "ntp-4.2.8p6-41.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p6-41.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586" }, "product_reference": "ntp-doc-4.2.8p6-41.1.i586", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p6-41.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x" }, "product_reference": "ntp-doc-4.2.8p6-41.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-doc-4.2.8p6-41.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64" }, "product_reference": "ntp-doc-4.2.8p6-41.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA" } ] }, "vulnerabilities": [ { "cve": "CVE-2015-5194", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-5194" } ], "notes": [ { "category": "general", "text": "The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-5194", "url": "https://www.suse.com/security/cve/CVE-2015-5194" }, { "category": "external", "summary": "SUSE Bug 943216 for CVE-2015-5194", "url": "https://bugzilla.suse.com/943216" }, { "category": "external", "summary": "SUSE Bug 943218 for CVE-2015-5194", "url": "https://bugzilla.suse.com/943218" }, { "category": "external", "summary": "SUSE Bug 943219 for CVE-2015-5194", "url": "https://bugzilla.suse.com/943219" }, { "category": "external", "summary": "SUSE Bug 943221 for CVE-2015-5194", "url": "https://bugzilla.suse.com/943221" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-5194", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-17T09:29:35Z", "details": "low" } ], "title": "CVE-2015-5194" }, { "cve": "CVE-2015-5219", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-5219" } ], "notes": [ { "category": "general", "text": "The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-5219", "url": "https://www.suse.com/security/cve/CVE-2015-5219" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-5219", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 943216 for CVE-2015-5219", "url": "https://bugzilla.suse.com/943216" }, { "category": "external", "summary": "SUSE Bug 943218 for CVE-2015-5219", "url": "https://bugzilla.suse.com/943218" }, { "category": "external", "summary": "SUSE Bug 943219 for CVE-2015-5219", "url": "https://bugzilla.suse.com/943219" }, { "category": "external", "summary": "SUSE Bug 943221 for CVE-2015-5219", "url": "https://bugzilla.suse.com/943221" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-5219", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-17T09:29:35Z", "details": "important" } ], "title": "CVE-2015-5219" }, { "cve": "CVE-2015-5300", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-5300" } ], "notes": [ { "category": "general", "text": "The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-5300", "url": "https://www.suse.com/security/cve/CVE-2015-5300" }, { "category": "external", "summary": "SUSE Bug 951629 for CVE-2015-5300", "url": "https://bugzilla.suse.com/951629" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-5300", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962624 for CVE-2015-5300", "url": "https://bugzilla.suse.com/962624" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-17T09:29:35Z", "details": "moderate" } ], "title": "CVE-2015-5300" }, { "cve": "CVE-2015-7691", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7691" } ], "notes": [ { "category": "general", "text": "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7691", "url": "https://www.suse.com/security/cve/CVE-2015-7691" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7691", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 911792 for CVE-2015-7691", "url": "https://bugzilla.suse.com/911792" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7691", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7691", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7691", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-17T09:29:35Z", "details": "important" } ], "title": "CVE-2015-7691" }, { "cve": "CVE-2015-7692", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7692" } ], "notes": [ { "category": "general", "text": "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7692", "url": "https://www.suse.com/security/cve/CVE-2015-7692" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7692", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 911792 for CVE-2015-7692", "url": "https://bugzilla.suse.com/911792" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7692", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7692", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7692", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-17T09:29:35Z", "details": "important" } ], "title": "CVE-2015-7692" }, { "cve": "CVE-2015-7701", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7701" } ], "notes": [ { "category": "general", "text": "Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7701", "url": "https://www.suse.com/security/cve/CVE-2015-7701" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7701", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7701", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7701", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7701", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-17T09:29:35Z", "details": "important" } ], "title": "CVE-2015-7701" }, { "cve": "CVE-2015-7702", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7702" } ], "notes": [ { "category": "general", "text": "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7702", "url": "https://www.suse.com/security/cve/CVE-2015-7702" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7702", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 911792 for CVE-2015-7702", "url": "https://bugzilla.suse.com/911792" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7702", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7702", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7702", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-17T09:29:35Z", "details": "important" } ], "title": "CVE-2015-7702" }, { "cve": "CVE-2015-7703", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7703" } ], "notes": [ { "category": "general", "text": "The \"pidfile\" or \"driftfile\" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7703", "url": "https://www.suse.com/security/cve/CVE-2015-7703" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7703", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 943216 for CVE-2015-7703", "url": "https://bugzilla.suse.com/943216" }, { "category": "external", "summary": "SUSE Bug 943218 for CVE-2015-7703", "url": "https://bugzilla.suse.com/943218" }, { "category": "external", "summary": "SUSE Bug 943219 for CVE-2015-7703", "url": "https://bugzilla.suse.com/943219" }, { "category": "external", "summary": "SUSE Bug 943221 for CVE-2015-7703", "url": "https://bugzilla.suse.com/943221" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7703", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7703", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-17T09:29:35Z", "details": "moderate" } ], "title": "CVE-2015-7703" }, { "cve": "CVE-2015-7704", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7704" } ], "notes": [ { "category": "general", "text": "The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted \"KOD\" messages.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7704", "url": "https://www.suse.com/security/cve/CVE-2015-7704" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7704", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7704", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 952611 for CVE-2015-7704", "url": "https://bugzilla.suse.com/952611" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7704", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2015-7704", "url": "https://bugzilla.suse.com/977446" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-17T09:29:35Z", "details": "important" } ], "title": "CVE-2015-7704" }, { "cve": "CVE-2015-7705", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7705" } ], "notes": [ { "category": "general", "text": "The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7705", "url": "https://www.suse.com/security/cve/CVE-2015-7705" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7705", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7705", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 952611 for CVE-2015-7705", "url": "https://bugzilla.suse.com/952611" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7705", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-17T09:29:35Z", "details": "critical" } ], "title": "CVE-2015-7705" }, { "cve": "CVE-2015-7848", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7848" } ], "notes": [ { "category": "general", "text": "An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7848", "url": "https://www.suse.com/security/cve/CVE-2015-7848" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7848", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7848", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7848", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7848", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-17T09:29:35Z", "details": "moderate" } ], "title": "CVE-2015-7848" }, { "cve": "CVE-2015-7849", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7849" } ], "notes": [ { "category": "general", "text": "Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7849", "url": "https://www.suse.com/security/cve/CVE-2015-7849" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7849", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7849", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7849", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7849", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-17T09:29:35Z", "details": "important" } ], "title": "CVE-2015-7849" }, { "cve": "CVE-2015-7850", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7850" } ], "notes": [ { "category": "general", "text": "ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7850", "url": "https://www.suse.com/security/cve/CVE-2015-7850" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7850", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7850", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7850", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7850", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-17T09:29:35Z", "details": "moderate" } ], "title": "CVE-2015-7850" }, { "cve": "CVE-2015-7851", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7851" } ], "notes": [ { "category": "general", "text": "Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use \u0027\\\u0027 or \u0027/\u0027 characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7851", "url": "https://www.suse.com/security/cve/CVE-2015-7851" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7851", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7851", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7851", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-17T09:29:35Z", "details": "moderate" } ], "title": "CVE-2015-7851" }, { "cve": "CVE-2015-7852", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7852" } ], "notes": [ { "category": "general", "text": "ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7852", "url": "https://www.suse.com/security/cve/CVE-2015-7852" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7852", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7852", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7852", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7852", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-17T09:29:35Z", "details": "moderate" } ], "title": "CVE-2015-7852" }, { "cve": "CVE-2015-7853", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7853" } ], "notes": [ { "category": "general", "text": "The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7853", "url": "https://www.suse.com/security/cve/CVE-2015-7853" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7853", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7853", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7853", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7853", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-17T09:29:35Z", "details": "critical" } ], "title": "CVE-2015-7853" }, { "cve": "CVE-2015-7854", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7854" } ], "notes": [ { "category": "general", "text": "Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7854", "url": "https://www.suse.com/security/cve/CVE-2015-7854" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7854", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7854", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7854", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7854", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-17T09:29:35Z", "details": "important" } ], "title": "CVE-2015-7854" }, { "cve": "CVE-2015-7855", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7855" } ], "notes": [ { "category": "general", "text": "The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7855", "url": "https://www.suse.com/security/cve/CVE-2015-7855" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7855", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7855", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7855", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 992991 for CVE-2015-7855", "url": "https://bugzilla.suse.com/992991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-17T09:29:35Z", "details": "moderate" } ], "title": "CVE-2015-7855" }, { "cve": "CVE-2015-7871", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7871" } ], "notes": [ { "category": "general", "text": "Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7871", "url": "https://www.suse.com/security/cve/CVE-2015-7871" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-7871", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-7871", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 952606 for CVE-2015-7871", "url": "https://bugzilla.suse.com/952606" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7871", "url": "https://bugzilla.suse.com/959243" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-17T09:29:35Z", "details": "critical" } ], "title": "CVE-2015-7871" }, { "cve": "CVE-2015-7973", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7973" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7973", "url": "https://www.suse.com/security/cve/CVE-2015-7973" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7973", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7973", "url": "https://bugzilla.suse.com/962995" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-17T09:29:35Z", "details": "moderate" } ], "title": "CVE-2015-7973" }, { "cve": "CVE-2015-7974", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7974" } ], "notes": [ { "category": "general", "text": "NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a \"skeleton key.\"", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7974", "url": "https://www.suse.com/security/cve/CVE-2015-7974" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7974", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962960 for CVE-2015-7974", "url": "https://bugzilla.suse.com/962960" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7974", "url": "https://bugzilla.suse.com/962995" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-17T09:29:35Z", "details": "low" } ], "title": "CVE-2015-7974" }, { "cve": "CVE-2015-7975", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7975" } ], "notes": [ { "category": "general", "text": "The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash).", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7975", "url": "https://www.suse.com/security/cve/CVE-2015-7975" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7975", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962988 for CVE-2015-7975", "url": "https://bugzilla.suse.com/962988" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7975", "url": "https://bugzilla.suse.com/962995" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-17T09:29:35Z", "details": "low" } ], "title": "CVE-2015-7975" }, { "cve": "CVE-2015-7976", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7976" } ], "notes": [ { "category": "general", "text": "The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7976", "url": "https://www.suse.com/security/cve/CVE-2015-7976" }, { "category": "external", "summary": "SUSE Bug 962802 for CVE-2015-7976", "url": "https://bugzilla.suse.com/962802" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7976", "url": "https://bugzilla.suse.com/962995" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-17T09:29:35Z", "details": "low" } ], "title": "CVE-2015-7976" }, { "cve": "CVE-2015-7977", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7977" } ], "notes": [ { "category": "general", "text": "ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7977", "url": "https://www.suse.com/security/cve/CVE-2015-7977" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7977", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962970 for CVE-2015-7977", "url": "https://bugzilla.suse.com/962970" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7977", "url": "https://bugzilla.suse.com/962995" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-17T09:29:35Z", "details": "moderate" } ], "title": "CVE-2015-7977" }, { "cve": "CVE-2015-7978", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7978" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7978", "url": "https://www.suse.com/security/cve/CVE-2015-7978" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7978", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962970 for CVE-2015-7978", "url": "https://bugzilla.suse.com/962970" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7978", "url": "https://bugzilla.suse.com/962995" }, { "category": "external", "summary": "SUSE Bug 963000 for CVE-2015-7978", "url": "https://bugzilla.suse.com/963000" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-17T09:29:35Z", "details": "moderate" } ], "title": "CVE-2015-7978" }, { "cve": "CVE-2015-7979", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-7979" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-7979", "url": "https://www.suse.com/security/cve/CVE-2015-7979" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-7979", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962784 for CVE-2015-7979", "url": "https://bugzilla.suse.com/962784" }, { "category": "external", "summary": "SUSE Bug 962995 for CVE-2015-7979", "url": "https://bugzilla.suse.com/962995" }, { "category": "external", "summary": "SUSE Bug 977459 for CVE-2015-7979", "url": "https://bugzilla.suse.com/977459" }, { "category": "external", "summary": "SUSE Bug 982065 for CVE-2015-7979", "url": "https://bugzilla.suse.com/982065" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-17T09:29:35Z", "details": "moderate" } ], "title": "CVE-2015-7979" }, { "cve": "CVE-2015-8138", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8138" } ], "notes": [ { "category": "general", "text": "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8138", "url": "https://www.suse.com/security/cve/CVE-2015-8138" }, { "category": "external", "summary": "SUSE Bug 951608 for CVE-2015-8138", "url": "https://bugzilla.suse.com/951608" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-8138", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 963002 for CVE-2015-8138", "url": "https://bugzilla.suse.com/963002" }, { "category": "external", "summary": "SUSE Bug 974668 for CVE-2015-8138", "url": "https://bugzilla.suse.com/974668" }, { "category": "external", "summary": "SUSE Bug 977446 for CVE-2015-8138", "url": "https://bugzilla.suse.com/977446" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-17T09:29:35Z", "details": "moderate" } ], "title": "CVE-2015-8138" }, { "cve": "CVE-2015-8139", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8139" } ], "notes": [ { "category": "general", "text": "ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8139", "url": "https://www.suse.com/security/cve/CVE-2015-8139" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-8139", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-8139", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962997 for CVE-2015-8139", "url": "https://bugzilla.suse.com/962997" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-17T09:29:35Z", "details": "moderate" } ], "title": "CVE-2015-8139" }, { "cve": "CVE-2015-8140", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8140" } ], "notes": [ { "category": "general", "text": "The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8140", "url": "https://www.suse.com/security/cve/CVE-2015-8140" }, { "category": "external", "summary": "SUSE Bug 1010964 for CVE-2015-8140", "url": "https://bugzilla.suse.com/1010964" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-8140", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962994 for CVE-2015-8140", "url": "https://bugzilla.suse.com/962994" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-17T09:29:35Z", "details": "moderate" } ], "title": "CVE-2015-8140" }, { "cve": "CVE-2015-8158", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-8158" } ], "notes": [ { "category": "general", "text": "The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-8158", "url": "https://www.suse.com/security/cve/CVE-2015-8158" }, { "category": "external", "summary": "SUSE Bug 959243 for CVE-2015-8158", "url": "https://bugzilla.suse.com/959243" }, { "category": "external", "summary": "SUSE Bug 962966 for CVE-2015-8158", "url": "https://bugzilla.suse.com/962966" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2016-05-17T09:29:35Z", "details": "low" } ], "title": "CVE-2015-8158" } ] }
ghsa-m46c-h6cr-xhm7
Vulnerability from github
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.
{ "affected": [], "aliases": [ "CVE-2015-7853" ], "database_specific": { "cwe_ids": [ "CWE-120" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2017-08-07T20:29:00Z", "severity": "CRITICAL" }, "details": "The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.", "id": "GHSA-m46c-h6cr-xhm7", "modified": "2025-04-20T03:42:20Z", "published": "2022-05-13T01:08:36Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7853" }, { "type": "WEB", "url": "https://bto.bluecoat.com/security-advisory/sa103" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274262" }, { "type": "WEB", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/201607-15" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20171004-0001" }, { "type": "WEB", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html" }, { "type": "WEB", "url": "http://packetstormsecurity.com/files/134082/FreeBSD-Security-Advisory-ntp-Authentication-Bypass.html" }, { "type": "WEB", "url": "http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html" }, { "type": "WEB", "url": "http://support.ntp.org/bin/view/Main/NtpBug2920" }, { "type": "WEB", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/536737/100/0/threaded" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/536760/100/0/threaded" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/536796/100/0/threaded" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/536833/100/0/threaded" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/archive/1/536737/100/100/threaded" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/archive/1/536760/100/100/threaded" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/archive/1/536796/100/100/threaded" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/archive/1/536833/100/100/threaded" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/77273" }, { "type": "WEB", "url": "http://www.securitytracker.com/id/1033951" }, { "type": "WEB", "url": "http://www.talosintel.com/vulnerability-reports" }, { "type": "WEB", "url": "http://www.ubuntu.com/usn/USN-2783-1" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
gsd-2015-7853
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2015-7853", "description": "The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.", "id": "GSD-2015-7853", "references": [ "https://www.suse.com/security/cve/CVE-2015-7853.html", "https://ubuntu.com/security/CVE-2015-7853", "https://advisories.mageia.org/CVE-2015-7853.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2015-7853" ], "details": "The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.", "id": "GSD-2015-7853", "modified": "2023-12-13T01:20:01.914194Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7853", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://support.ntp.org/bin/view/Main/NtpBug2920", "refsource": "CONFIRM", "url": "http://support.ntp.org/bin/view/Main/NtpBug2920" }, { "name": "SUSE-SU-2016:1912", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html" }, { "name": "USN-2783-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2783-1" }, { "name": "SUSE-SU-2016:1247", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html" }, { "name": "1033951", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033951" }, { "name": "SUSE-SU-2016:1311", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1274262", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274262" }, { "name": "SUSE-SU-2016:2094", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html" }, { "name": "77273", "refsource": "BID", "url": "http://www.securityfocus.com/bid/77273" }, { "name": "openSUSE-SU-2016:1423", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html" }, { "name": "GLSA-201607-15", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201607-15" }, { "name": "https://security.netapp.com/advisory/ntap-20171004-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20171004-0001/" }, { "name": "http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html" }, { "name": "http://packetstormsecurity.com/files/134082/FreeBSD-Security-Advisory-ntp-Authentication-Bypass.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/134082/FreeBSD-Security-Advisory-ntp-Authentication-Bypass.html" }, { "name": "20151021 Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp" }, { "name": "https://bto.bluecoat.com/security-advisory/sa103", "refsource": "CONFIRM", "url": "https://bto.bluecoat.com/security-advisory/sa103" }, { "name": "20151104 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp [REVISED]", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/536833/100/0/threaded" }, { "name": "http://www.talosintel.com/vulnerability-reports/", "refsource": "MISC", "url": "http://www.talosintel.com/vulnerability-reports/" }, { "name": "openSUSE-SU-2015:2016", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html" }, { "name": "20151104 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp [REVISED]", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/archive/1/536833/100/100/threaded" }, { "name": "20151026 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/536760/100/0/threaded" }, { "name": "20151026 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/archive/1/536760/100/100/threaded" }, { "name": "20151029 [slackware-security] ntp (SSA:2015-302-03)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/536796/100/0/threaded" }, { "name": "20151029 [slackware-security] ntp (SSA:2015-302-03)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/archive/1/536796/100/100/threaded" }, { "name": "20151022 Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/536737/100/0/threaded" }, { "name": "20151022 Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/archive/1/536737/100/100/threaded" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf" }, { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.2.8", "versionStartIncluding": "4.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.3.77", "versionStartIncluding": "4.3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7853" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-120" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1274262", "refsource": "CONFIRM", "tags": [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274262" }, { "name": "77273", "refsource": "BID", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/77273" }, { "name": "http://support.ntp.org/bin/view/Main/NtpBug2920", "refsource": "CONFIRM", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://support.ntp.org/bin/view/Main/NtpBug2920" }, { "name": "GLSA-201607-15", "refsource": "GENTOO", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://security.gentoo.org/glsa/201607-15" }, { "name": "1033951", "refsource": "SECTRACK", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1033951" }, { "name": "https://security.netapp.com/advisory/ntap-20171004-0001/", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20171004-0001/" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf", "refsource": "CONFIRM", "tags": [], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf" }, { "name": "20151104 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp [REVISED]", "refsource": "BUGTRAQ", "tags": [], "url": "http://www.securityfocus.com/archive/1/536833/100/0/threaded" }, { "name": "SUSE-SU-2016:1247", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html" }, { "name": "openSUSE-SU-2016:1423", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html" }, { "name": "SUSE-SU-2016:1311", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html" }, { "name": "SUSE-SU-2016:1912", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html" }, { "name": "SUSE-SU-2016:2094", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html" }, { "name": "openSUSE-SU-2015:2016", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html" }, { "name": "USN-2783-1", "refsource": "UBUNTU", "tags": [], "url": "http://www.ubuntu.com/usn/USN-2783-1" }, { "name": "20151026 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp", "refsource": "BUGTRAQ", "tags": [], "url": "http://www.securityfocus.com/archive/1/536760/100/0/threaded" }, { "name": "20151022 Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015", "refsource": "BUGTRAQ", "tags": [], "url": "http://www.securityfocus.com/archive/1/archive/1/536737/100/100/threaded" }, { "name": "https://bto.bluecoat.com/security-advisory/sa103", "refsource": "CONFIRM", "tags": [], "url": "https://bto.bluecoat.com/security-advisory/sa103" }, { "name": "20151029 [slackware-security] ntp (SSA:2015-302-03)", "refsource": "BUGTRAQ", "tags": [], "url": "http://www.securityfocus.com/archive/1/536796/100/0/threaded" }, { "name": "20151104 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp [REVISED]", "refsource": "BUGTRAQ", "tags": [], "url": "http://www.securityfocus.com/archive/1/archive/1/536833/100/100/threaded" }, { "name": "20151022 Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015", "refsource": "BUGTRAQ", "tags": [], "url": "http://www.securityfocus.com/archive/1/536737/100/0/threaded" }, { "name": "20151029 [slackware-security] ntp (SSA:2015-302-03)", "refsource": "BUGTRAQ", "tags": [], "url": "http://www.securityfocus.com/archive/1/archive/1/536796/100/100/threaded" }, { "name": "http://www.talosintel.com/vulnerability-reports/", "refsource": "MISC", "tags": [], "url": "http://www.talosintel.com/vulnerability-reports/" }, { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11", "refsource": "MISC", "tags": [], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11" }, { "name": "http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html", "refsource": "MISC", "tags": [], "url": "http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html" }, { "name": "http://packetstormsecurity.com/files/134082/FreeBSD-Security-Advisory-ntp-Authentication-Bypass.html", "refsource": "MISC", "tags": [], "url": "http://packetstormsecurity.com/files/134082/FreeBSD-Security-Advisory-ntp-Authentication-Bypass.html" }, { "name": "20151026 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp", "refsource": "BUGTRAQ", "tags": [], "url": "http://www.securityfocus.com/archive/1/archive/1/536760/100/100/threaded" }, { "name": "20151021 Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015", "refsource": "CISCO", "tags": [], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": true, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } }, "lastModifiedDate": "2021-07-16T13:15Z", "publishedDate": "2017-08-07T20:29Z" } } }
var-201708-0036
Vulnerability from variot
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value. NTP Is vulnerable to a buffer error.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Network Time Protocol is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker may exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause denial-of-service conditions. Versions prior to NTP 4.2.8p4 and 4.3.x prior to 4.3.77 are vulnerable.
Gentoo Linux Security Advisory GLSA 201607-15
https://security.gentoo.org/
Severity: Normal Title: NTP: Multiple vulnerabilities Date: July 20, 2016 Bugs: #563774, #572452, #581528, #584954 ID: 201607-15
Synopsis
Multiple vulnerabilities have been found in NTP, the worst of which could lead to Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/ntp < 4.2.8_p8 >= 4.2.8_p8
Description
Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.
Resolution
All NTP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p8"
References
[ 1 ] CVE-2015-7691 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691 [ 2 ] CVE-2015-7692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692 [ 3 ] CVE-2015-7701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701 [ 4 ] CVE-2015-7702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702 [ 5 ] CVE-2015-7703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703 [ 6 ] CVE-2015-7704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704 [ 7 ] CVE-2015-7705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705 [ 8 ] CVE-2015-7848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848 [ 9 ] CVE-2015-7849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849 [ 10 ] CVE-2015-7850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850 [ 11 ] CVE-2015-7851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851 [ 12 ] CVE-2015-7852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852 [ 13 ] CVE-2015-7853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853 [ 14 ] CVE-2015-7854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854 [ 15 ] CVE-2015-7855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855 [ 16 ] CVE-2015-7871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871 [ 17 ] CVE-2015-7973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973 [ 18 ] CVE-2015-7974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974 [ 19 ] CVE-2015-7975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975 [ 20 ] CVE-2015-7976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976 [ 21 ] CVE-2015-7977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977 [ 22 ] CVE-2015-7978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978 [ 23 ] CVE-2015-7979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979 [ 24 ] CVE-2015-8138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138 [ 25 ] CVE-2015-8139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139 [ 26 ] CVE-2015-8140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140 [ 27 ] CVE-2015-8158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158 [ 28 ] CVE-2016-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547 [ 29 ] CVE-2016-1548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548 [ 30 ] CVE-2016-1549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549 [ 31 ] CVE-2016-1550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550 [ 32 ] CVE-2016-1551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551 [ 33 ] CVE-2016-2516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516 [ 34 ] CVE-2016-2517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517 [ 35 ] CVE-2016-2518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518 [ 36 ] CVE-2016-2519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519 [ 37 ] CVE-2016-4953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953 [ 38 ] CVE-2016-4954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954 [ 39 ] CVE-2016-4955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955 [ 40 ] CVE-2016-4956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956 [ 41 ] CVE-2016-4957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201607-15
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
============================================================================= FreeBSD-SA-15:25.ntp Security Advisory The FreeBSD Project
Topic: Multiple vulnerabilities of ntp
Category: contrib Module: ntp Announced: 2015-10-26 Credits: Network Time Foundation Affects: All supported versions of FreeBSD. Corrected: 2015-10-26 11:35:40 UTC (stable/10, 10.2-STABLE) 2015-10-26 11:36:55 UTC (releng/10.2, 10.2-RELEASE-p6) 2015-10-26 11:37:31 UTC (releng/10.1, 10.1-RELEASE-p23) 2015-10-26 11:36:40 UTC (stable/9, 9.3-STABLE) 2015-10-26 11:42:25 UTC (releng/9.3, 9.3-RELEASE-p29) CVE Name: CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, CVE-2015-7871
For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/.
I. Background
The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP) used to synchronize the time of a computer system to a reference time source.
II. Problem Description
Crypto-NAK packets can be used to cause ntpd(8) to accept time from an unauthenticated ephemeral symmetric peer by bypassing the authentication required to mobilize peer associations. [CVE-2015-7871] FreeBSD 9.3 and 10.1 are not affected.
If ntpd(8) is fed a crafted mode 6 or mode 7 packet containing an unusual long data value where a network address is expected, the decodenetnum() function will abort with an assertion failure instead of simply returning a failure condition. [CVE-2015-7855]
If ntpd(8) is configured to allow remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd(8) was configured to disable authentication, then an attacker can send a set of packets to ntpd(8) that may cause it to crash, with the hypothetical possibility of a small code injection. [CVE-2015-7854]
A negative value for the datalen parameter will overflow a data buffer. NTF's ntpd(8) driver implementations always set this value to 0 and are therefore not vulnerable to this weakness. If you are running a custom refclock driver in ntpd(8) and that driver supplies a negative value for datalen (no custom driver of even minimal competence would do this) then ntpd would overflow a data buffer. It is even hypothetically possible in this case that instead of simply crashing ntpd the attacker could effect a code injection attack. [CVE-2015-7853]
If an attacker can figure out the precise moment that ntpq(8) is listening for data and the port number it is listening on or if the attacker can provide a malicious instance ntpd(8) that victims will connect to then an attacker can send a set of crafted mode 6 response packets that, if received by ntpq(8), can cause ntpq(8) to crash. [CVE-2015-7852]
If ntpd(8) is configured to allow remote configuration, and if the (possibly spoofed) IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd(8) was configured to disable authentication, then an attacker can send a set of packets to ntpd that may cause ntpd(8) to overwrite files. [CVE-2015-7851]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration.
If ntpd(8) is configured to allow remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd(8) was configured to disable authentication, then an attacker can send a set of packets to ntpd that will cause it to crash and/or create a potentially huge log file. Specifically, the attacker could enable extended logging, point the key file at the log file, and cause what amounts to an infinite loop. [CVE-2015-7850]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration.
If ntpd(8) is configured to allow remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd was configured to disable authentication, then an attacker can send a set of packets to ntpd that may cause a crash or theoretically perform a code injection attack. [CVE-2015-7849]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration.
If ntpd(8) is configured to enable mode 7 packets, and if the use of mode 7 packets is not properly protected thru the use of the available mode 7 authentication and restriction mechanisms, and if the (possibly spoofed) source IP address is allowed to send mode 7 queries, then an attacker can send a crafted packet to ntpd that will cause it to crash. [CVE-2015-7848]. The default configuration of ntpd(8) within FreeBSD does not allow mode 7 packets.
If ntpd(8) is configured to use autokey, then an attacker can send packets to ntpd that will, after several days of ongoing attack, cause it to run out of memory. [CVE-2015-7701]. The default configuration of ntpd(8) within FreeBSD does not use autokey.
If ntpd(8) is configured to allow for remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password, it's possible for an attacker to use the "pidfile" or "driftfile" directives to potentially overwrite other files. [CVE-2015-5196]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration
An ntpd(8) client that honors Kiss-of-Death responses will honor KoD messages that have been forged by an attacker, causing it to delay or stop querying its servers for time updates. Also, an attacker can forge packets that claim to be from the target and send them to servers often enough that a server that implements KoD rate limiting will send the target machine a KoD response to attempt to reduce the rate of incoming packets, or it may also trigger a firewall block at the server for packets from the target machine. For either of these attacks to succeed, the attacker must know what servers the target is communicating with. An attacker can be anywhere on the Internet and can frequently learn the identity of the target's time source by sending the target a time query. [CVE-2015-7704]
The fix for CVE-2014-9750 was incomplete in that there were certain code paths where a packet with particular autokey operations that contained malicious data was not always being completely validated. Receipt of these packets can cause ntpd to crash. [CVE-2015-7702]. The default configuration of ntpd(8) within FreeBSD does not use autokey.
III. Impact
An attacker which can send NTP packets to ntpd(8), which uses cryptographic authentication of NTP data, may be able to inject malicious time data causing the system clock to be set incorrectly. [CVE-2015-7871]
An attacker which can send NTP packets to ntpd(8), can block the communication of the daemon with time servers, causing the system clock not being synchronized. [CVE-2015-7704]
An attacker which can send NTP packets to ntpd(8), can remotely crash the daemon, sending malicious data packet. [CVE-2015-7855] [CVE-2015-7854] [CVE-2015-7853] [CVE-2015-7852] [CVE-2015-7849] [CVE-2015-7848]
An attacker which can send NTP packets to ntpd(8), can remotely trigger the daemon to overwrite its configuration files. [CVE-2015-7851] [CVE-2015-5196]
IV. Workaround
No workaround is available, but systems not running ntpd(8) are not affected. Network administrators are advised to implement BCP-38, which helps to reduce risk associated with the attacks.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
The ntpd service has to be restarted after the update. A reboot is recommended but not required.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
The ntpd service has to be restarted after the update. A reboot is recommended but not required.
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 10.2]
fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.bz2
bunzip2 ntp-102.patch.bz2
fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.asc
gpg --verify ntp-102.patch.asc
[FreeBSD 10.1]
fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.bz2
bunzip2 ntp-101.patch.bz2
fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.asc
gpg --verify ntp-101.patch.asc
[FreeBSD 9.3]
fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.bz2
bunzip2 ntp-93.patch.bz2
fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.asc
gpg --verify ntp-93.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
find contrib/ntp -type f -empty -delete
c) Recompile the operating system using buildworld and installworld as described in https://www.FreeBSD.org/handbook/makeworld.html.
d) For 9.3-RELEASE and 10.1-RELEASE an update to /etc/ntp.conf is recommended, which can be done with help of the mergemaster(8) tool on 9.3-RELEASE and with help of the etcupdate(8) tool on 10.1-RELEASE.
Restart the ntpd(8) daemon, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/9/ r289998 releng/9.3/ r290001 stable/10/ r289997 releng/10.1/ r290000 releng/10.2/ r289999
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN
VII. References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871
The latest revision of this advisory is available at https://security.FreeBSD.org/advisories/FreeBSD-SA-15:25.ntp.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBAgAGBQJWLhOJAAoJEO1n7NZdz2rn91wP/2GwEt1boNQq2a7nYzv/mS5D sYKkIi7o+2yr2BLXvtc3O7c9QC3/YeGsza9DTRqndcY572SWvRgtkFstMTTm8IV/ RVlIE40gVR3tex0zo7BiD7uKUrxWxWcpwMbE5dzlE+vSybyyj0dSSkwUHJjrbJoA RmyNuEEUhQn5sRCg6qJv/PLp2G7BcYAasKScukjm7QnLP2kq/tvM9mcqwfh2tadM 7kbf8uq+ykvsRzctaDnxQaB5+zJxBQYJjBelxQfIkNek0XGfdj3sRwISeFznbllq mOLTIBaFiuEtHtusO7MKKavMgS5CQJOvuuvd/l3NY1MnxC6X/1SWig9KIKDIn/hv q8dsnq7LLx+tO6Cv4Dub7EbC2ZP3xXGOC4Ie02z8bTZnbX7iwyPUidQQqtU9ra15 rxzFcZnBxu+yyMNJVsV2qVV/r9OycgKxWlEELC1wYrK9fKfvLdA5aEGjDeU1Z+s6 JS2zKr0t4F2bMrCsjYP1lQD8sHkCVjwJk+IJU/slcwSajDjBNlMH0yBxGYE1ETIZ qMF7/PAkLe8V78pdYmXw9pcaPyhI+ihPLnNrdhX8AI2RX5jDK7IuUNJeUM04UrVB 8N+mMwgamcuCPWNNyXaL0bz21fexZOuhHmU+B8Yn3SFX5O5b/r9gGvrjo8ei8jOk EUlBT3ViDhHNrI7PTaiI =djPm -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-2783-1 October 27, 2015
ntp vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in NTP. (CVE-2015-5146)
Miroslav Lichvar discovered that NTP incorrectly handled logconfig directives. (CVE-2015-5194)
Miroslav Lichvar discovered that NTP incorrectly handled certain statistics types. (CVE-2015-5195)
Miroslav Lichvar discovered that NTP incorrectly handled certain file paths. (CVE-2015-5196, CVE-2015-7703)
Miroslav Lichvar discovered that NTP incorrectly handled certain packets. (CVE-2015-5219)
Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled restarting after hitting a panic threshold. (CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)
It was discovered that NTP incorrectly handled memory when processing certain autokey messages. (CVE-2015-7701)
Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled rate limiting. A remote attacker could possibly use this issue to cause clients to stop updating their clock. (CVE-2015-7704, CVE-2015-7705)
Yves Younan discovered that NTP incorrectly handled logfile and keyfile directives. (CVE-2015-7850)
Yves Younan and Aleksander Nikolich discovered that NTP incorrectly handled ascii conversion. (CVE-2015-7852)
Yves Younan discovered that NTP incorrectly handled reference clock memory. (CVE-2015-7853)
John D "Doug" Birdwell discovered that NTP incorrectly handled decoding certain bogus values. (CVE-2015-7855)
Stephen Gray discovered that NTP incorrectly handled symmetric association authentication. (CVE-2015-7871)
In the default installation, attackers would be isolated by the NTP AppArmor profile.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: ntp 1:4.2.6.p5+dfsg-3ubuntu8.1
Ubuntu 15.04: ntp 1:4.2.6.p5+dfsg-3ubuntu6.2
Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5
Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.6
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2783-1 CVE-2015-5146, CVE-2015-5194, CVE-2015-5195, CVE-2015-5196, CVE-2015-5219, CVE-2015-5300, CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7705, CVE-2015-7850, CVE-2015-7852, CVE-2015-7853, CVE-2015-7855, CVE-2015-7871
Package Information: https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu8.1 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu6.2 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.5 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.6 . Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a network time protocol (NTP) server.
On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time. The vulnerabilities covered in this document are as follows:
CVE-2015-7691 - Denial of Service AutoKey Malicious Message CVE-2015-7692 - Denial of Service AutoKey Malicious Message CVE-2015-7701 - Denial of Service CRYPTO_ASSOC Memory Leak CVE-2015-7702 - Denial of Service AutoKey Malicious Message CVE-2015-7703 - Configuration Directive File Overwrite Vulnerability CVE-2015-7704 - Denial of Service by Spoofed Kiss-o'-Death CVE-2015-7705 - Denial of Service by Priming the Pump CVE-2015-7848 - Network Time Protocol ntpd multiple integer overflow read access violations CVE-2015-7849 - Network Time Protocol Trusted Keys Memory Corruption Vulnerability CVE-2015-7850 - Network Time Protocol Remote Configuration Denial of Service Vulnerability CVE-2015-7851 - Network Time Protocol ntpd saveconfig Directory Traversal Vulnerability CVE-2015-7852 - Network Time Protocol ntpq atoascii Memory Corruption Vulnerability CVE-2015-7853 - Network Time Protocol Reference Clock Memory Corruption Vulnerability CVE-2015-7854 - Network Time Protocol Password Length Memory Corruption Vulnerability CVE-2015-7855 - Denial of Service Long Control Packet Message CVE-2015-7871 - NAK to the Future: NTP Symmetric Association Authentication Bypass Vulnerability
Additional details on each of the vulnerabilities can be found at the following links:
Official Security Advisory from ntp.org: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities Boston University: http://www.cs.bu.edu/~goldbe/NTPattack.html Cisco TALOS: http://talosintel.com/vulnerability-reports/
Cisco will release software updates that address these vulnerabilities.
Workarounds that mitigate one or more of the vulnerabilities may be available for certain products, please see the individual Cisco Bug IDs for details.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz: Upgraded. In addition to bug fixes and enhancements, this release fixes several low and medium severity vulnerabilities. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9750 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p4-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p4-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p4-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p4-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p4-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p4-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 package: 21dd14178fea17a88c9326c8672ecefd ntp-4.2.8p4-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: 8647479b2007b92ff8598184f2275263 ntp-4.2.8p4-x86_64-1_slack13.0.txz
Slackware 13.1 package: e0f122e8e271dc84db06202c03cc0288 ntp-4.2.8p4-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: db0aff04b72b3d8c96ca8c8e1ed36c05 ntp-4.2.8p4-x86_64-1_slack13.1.txz
Slackware 13.37 package: 5914e43e886e5ff88fefd30083493e30 ntp-4.2.8p4-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: 4335c3bf2ae24afc5ad734e8d80b3e94 ntp-4.2.8p4-x86_64-1_slack13.37.txz
Slackware 14.0 package: 39b05698797b638b67130e0b170e0a4b ntp-4.2.8p4-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: dcf4a56ba1d013ee1c9d0e624e158709 ntp-4.2.8p4-x86_64-1_slack14.0.txz
Slackware 14.1 package: 1fd3a7beaf23303e2c211af377662614 ntp-4.2.8p4-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 438c3185aa8ec20d1c2b5e51786e4d41 ntp-4.2.8p4-x86_64-1_slack14.1.txz
Slackware -current package: 81bfb2fed450cb26a51b5e1cee0d33ed n/ntp-4.2.8p4-i586-1.txz
Slackware x86_64 -current package: 8bae4ad633af40d4d54b7686e4b225f9 n/ntp-4.2.8p4-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg ntp-4.2.8p4-i486-1_slack14.1.txz
Then, restart the NTP daemon:
sh /etc/rc.d/rc.ntpd restart
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201708-0036", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ntp", "scope": "eq", "trust": 1.3, "vendor": "ntp", "version": "4.2.8" }, { "model": "ntp", "scope": "gte", "trust": 1.0, "vendor": "ntp", "version": "4.3.0" }, { "model": "data ontap", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "oncommand performance manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "clustered data ontap", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "ntp", "scope": "lt", "trust": 1.0, "vendor": "ntp", "version": "4.2.8" }, { "model": "ntp", "scope": "gte", "trust": 1.0, "vendor": "ntp", "version": "4.2.0" }, { "model": "oncommand unified manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "ntp", "scope": "lt", "trust": 1.0, "vendor": "ntp", "version": "4.3.77" }, { "model": "oncommand balance", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "ntp", "scope": "eq", "trust": 0.8, "vendor": "ntp", "version": "4.3.77" }, { "model": "ntp", "scope": "lt", "trust": 0.8, "vendor": "ntp", "version": "4.2.x" }, { "model": "ntp", "scope": "eq", "trust": 0.8, "vendor": "ntp", "version": "4.2.8p4" }, { "model": "ntp", "scope": "eq", "trust": 0.8, "vendor": "ntp", "version": null }, { "model": "ntp", "scope": "lt", "trust": 0.8, "vendor": "ntp", "version": "4.3.x" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.2.2" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.2.4" }, { "model": "ntp", "scope": "eq", "trust": 0.6, "vendor": "ntp", "version": "4.2.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.1" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "14.0" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "automation stratix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "59000" }, { "model": "ntpd", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.1" }, { "model": "ntpd", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.25" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.6" }, { "model": "p74", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "p153", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "p150", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "p8", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p7", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p6", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p5", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p4", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "p4", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.2" }, { "model": "p1", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.2" }, { "model": "ntp", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.3.70" }, { "model": "4.2.8p3", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.8p2", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p366", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p111", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.7p11", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.5p3", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.5p186", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "4.2.0.a", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "junos os", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.4.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.50" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.8" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "qlogic virtual fabric extension module for ibm bladecenter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "qlogic 8gb intelligent pass-thru module and san switch module", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.10" }, { "model": "ib6131 gb infiniband switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "83.4" }, { "model": "ib6131 gb infiniband switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "83.2" }, { "model": "flex system fc3171 8gb san switch and san pass-thru", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.00" }, { "model": "flex system en6131 40gb ethernet switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.4" }, { "model": "flex system en6131 40gb ethernet switch", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.16" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.9" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.75" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.68" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.3" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.2" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.126" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.10" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.9" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.8" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.4.1" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.3.5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.15" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.16" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.9.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.9.5" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8.7" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.8.15" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.7.16" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.12.9" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.12" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.11" }, { "model": "9.3-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p25", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p24", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p22", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p21", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p13", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-rc1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-rc", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-beta3-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-beta1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-beta1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-beta1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "9.3" }, { "model": "10.2-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.2-rc1-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.2-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.2-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.2-beta2-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.2-beta2-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.2" }, { "model": "10.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p9", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p19", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p17", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p16", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-rc4-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-rc3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-rc2-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-rc2-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-rc1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-beta3-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-beta1-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10.1" }, { "model": "summit wm3000 series", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "0" }, { "model": "purview appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.3" }, { "model": "purview appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.0" }, { "model": "netsight appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.3" }, { "model": "netsight appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.0" }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.3" }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "6.0" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "16.1.2" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.7.4" }, { "model": "extremexos patch", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.7.38" }, { "model": "extremexos patch", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.7.31" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.7.2" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.7" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.6.4" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "16.1" }, { "model": "extremexos 15.4.1.3-patch1-10", "scope": null, "trust": 0.3, "vendor": "extremenetworks", "version": null }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.4.1.0" }, { "model": "extremexos", "scope": "eq", "trust": 0.3, "vendor": "extremenetworks", "version": "15.3" }, { "model": "automation stratix", "scope": "ne", "trust": 0.3, "vendor": "rockwell", "version": "590015.6.3" }, { "model": "ntp", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": "4.3.77" }, { "model": "4.2.8p4", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "qlogic virtual fabric extension module for ibm bladecenter", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.0.3.14.0" }, { "model": "qlogic 8gb intelligent pass-thru module and san switch module", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.10.1.37.00" }, { "model": "ib6131 gb infiniband switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "83.5.1000" }, { "model": "flex system fc3171 8gb san switch and san pass-thru", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.1.7.03.00" }, { "model": "flex system en6131 40gb ethernet switch", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5.1000" }, { "model": "9.3-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "9.3-release-p29", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.2-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.2-release-p6", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "10.1-release-p23", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "purview appliance", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "6.4" }, { "model": "netsight appliance", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "6.4" }, { "model": "nac appliance", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "6.4" }, { "model": "extremexos", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "21.1" }, { "model": "extremexos", "scope": "ne", "trust": 0.3, "vendor": "extremenetworks", "version": "16.2" } ], "sources": [ { "db": "BID", "id": "77273" }, { "db": "JVNDB", "id": "JVNDB-2015-007705" }, { "db": "CNNVD", "id": "CNNVD-201510-577" }, { "db": "NVD", "id": "CVE-2015-7853" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201510-577" } ], "trust": 0.6 }, "cve": "CVE-2015-7853", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2015-7853", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2015-7853", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2015-7853", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2015-7853", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2015-7853", "trust": 0.8, "value": "Critical" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201510-577", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2015-7853", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-7853" }, { "db": "JVNDB", "id": "JVNDB-2015-007705" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-201510-577" }, { "db": "NVD", "id": "CVE-2015-7853" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value. NTP Is vulnerable to a buffer error.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Network Time Protocol is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. \nAn attacker may exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause denial-of-service conditions. \nVersions prior to NTP 4.2.8p4 and 4.3.x prior to 4.3.77 are vulnerable. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201607-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: NTP: Multiple vulnerabilities\n Date: July 20, 2016\n Bugs: #563774, #572452, #581528, #584954\n ID: 201607-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in NTP, the worst of which\ncould lead to Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/ntp \u003c 4.2.8_p8 \u003e= 4.2.8_p8\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in NTP. Please review the\nCVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll NTP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/ntp-4.2.8_p8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-7691\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691\n[ 2 ] CVE-2015-7692\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692\n[ 3 ] CVE-2015-7701\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701\n[ 4 ] CVE-2015-7702\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702\n[ 5 ] CVE-2015-7703\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703\n[ 6 ] CVE-2015-7704\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704\n[ 7 ] CVE-2015-7705\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705\n[ 8 ] CVE-2015-7848\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848\n[ 9 ] CVE-2015-7849\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849\n[ 10 ] CVE-2015-7850\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850\n[ 11 ] CVE-2015-7851\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851\n[ 12 ] CVE-2015-7852\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852\n[ 13 ] CVE-2015-7853\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853\n[ 14 ] CVE-2015-7854\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854\n[ 15 ] CVE-2015-7855\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855\n[ 16 ] CVE-2015-7871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871\n[ 17 ] CVE-2015-7973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973\n[ 18 ] CVE-2015-7974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974\n[ 19 ] CVE-2015-7975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975\n[ 20 ] CVE-2015-7976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976\n[ 21 ] CVE-2015-7977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977\n[ 22 ] CVE-2015-7978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978\n[ 23 ] CVE-2015-7979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979\n[ 24 ] CVE-2015-8138\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138\n[ 25 ] CVE-2015-8139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139\n[ 26 ] CVE-2015-8140\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140\n[ 27 ] CVE-2015-8158\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158\n[ 28 ] CVE-2016-1547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547\n[ 29 ] CVE-2016-1548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548\n[ 30 ] CVE-2016-1549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549\n[ 31 ] CVE-2016-1550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550\n[ 32 ] CVE-2016-1551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551\n[ 33 ] CVE-2016-2516\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516\n[ 34 ] CVE-2016-2517\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517\n[ 35 ] CVE-2016-2518\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518\n[ 36 ] CVE-2016-2519\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519\n[ 37 ] CVE-2016-4953\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953\n[ 38 ] CVE-2016-4954\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954\n[ 39 ] CVE-2016-4955\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955\n[ 40 ] CVE-2016-4956\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956\n[ 41 ] CVE-2016-4957\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201607-15\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=============================================================================\nFreeBSD-SA-15:25.ntp Security Advisory\n The FreeBSD Project\n\nTopic: Multiple vulnerabilities of ntp\n\nCategory: contrib\nModule: ntp\nAnnounced: 2015-10-26\nCredits: Network Time Foundation\nAffects: All supported versions of FreeBSD. \nCorrected: 2015-10-26 11:35:40 UTC (stable/10, 10.2-STABLE)\n 2015-10-26 11:36:55 UTC (releng/10.2, 10.2-RELEASE-p6)\n 2015-10-26 11:37:31 UTC (releng/10.1, 10.1-RELEASE-p23)\n 2015-10-26 11:36:40 UTC (stable/9, 9.3-STABLE)\n 2015-10-26 11:42:25 UTC (releng/9.3, 9.3-RELEASE-p29)\nCVE Name: CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704,\n CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851,\n CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855,\n CVE-2015-7871\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit https://security.FreeBSD.org/. \n\nI. Background\n\nThe ntpd(8) daemon is an implementation of the Network Time Protocol (NTP)\nused to synchronize the time of a computer system to a reference time\nsource. \n\nII. Problem Description\n\nCrypto-NAK packets can be used to cause ntpd(8) to accept time from an\nunauthenticated ephemeral symmetric peer by bypassing the authentication\nrequired to mobilize peer associations. [CVE-2015-7871] FreeBSD 9.3 and\n10.1 are not affected. \n\nIf ntpd(8) is fed a crafted mode 6 or mode 7 packet containing an unusual\nlong data value where a network address is expected, the decodenetnum()\nfunction will abort with an assertion failure instead of simply returning\na failure condition. [CVE-2015-7855]\n\nIf ntpd(8) is configured to allow remote configuration, and if the\n(possibly spoofed) source IP address is allowed to send remote\nconfiguration requests, and if the attacker knows the remote\nconfiguration password or if ntpd(8) was configured to disable\nauthentication, then an attacker can send a set of packets to ntpd(8) that\nmay cause it to crash, with the hypothetical possibility of a small code\ninjection. [CVE-2015-7854]\n\nA negative value for the datalen parameter will overflow a data buffer. \nNTF\u0027s ntpd(8) driver implementations always set this value to 0 and are\ntherefore not vulnerable to this weakness. If you are running a custom\nrefclock driver in ntpd(8) and that driver supplies a negative value for\ndatalen (no custom driver of even minimal competence would do this)\nthen ntpd would overflow a data buffer. It is even hypothetically\npossible in this case that instead of simply crashing ntpd the\nattacker could effect a code injection attack. [CVE-2015-7853]\n\nIf an attacker can figure out the precise moment that ntpq(8) is listening\nfor data and the port number it is listening on or if the attacker can\nprovide a malicious instance ntpd(8) that victims will connect to then an\nattacker can send a set of crafted mode 6 response packets that, if\nreceived by ntpq(8), can cause ntpq(8) to crash. [CVE-2015-7852]\n\nIf ntpd(8) is configured to allow remote configuration, and if the\n(possibly spoofed) IP address is allowed to send remote configuration\nrequests, and if the attacker knows the remote configuration password\nor if ntpd(8) was configured to disable authentication, then an attacker\ncan send a set of packets to ntpd that may cause ntpd(8) to overwrite\nfiles. [CVE-2015-7851]. The default configuration of ntpd(8) within\nFreeBSD does not allow remote configuration. \n\nIf ntpd(8) is configured to allow remote configuration, and if the\n(possibly spoofed) source IP address is allowed to send remote\nconfiguration requests, and if the attacker knows the remote\nconfiguration password or if ntpd(8) was configured to disable\nauthentication, then an attacker can send a set of packets to ntpd\nthat will cause it to crash and/or create a potentially huge log\nfile. Specifically, the attacker could enable extended logging,\npoint the key file at the log file, and cause what amounts to an\ninfinite loop. [CVE-2015-7850]. The default configuration of ntpd(8)\nwithin FreeBSD does not allow remote configuration. \n\nIf ntpd(8) is configured to allow remote configuration, and if the\n(possibly spoofed) source IP address is allowed to send remote\nconfiguration requests, and if the attacker knows the remote\nconfiguration password or if ntpd was configured to disable\nauthentication, then an attacker can send a set of packets to\nntpd that may cause a crash or theoretically perform a code\ninjection attack. [CVE-2015-7849]. The default configuration of ntpd(8)\nwithin FreeBSD does not allow remote configuration. \n\nIf ntpd(8) is configured to enable mode 7 packets, and if the use\nof mode 7 packets is not properly protected thru the use of the\navailable mode 7 authentication and restriction mechanisms, and\nif the (possibly spoofed) source IP address is allowed to send\nmode 7 queries, then an attacker can send a crafted packet to\nntpd that will cause it to crash. [CVE-2015-7848]. The default\nconfiguration of ntpd(8) within FreeBSD does not allow mode 7\npackets. \n\nIf ntpd(8) is configured to use autokey, then an attacker can send\npackets to ntpd that will, after several days of ongoing attack,\ncause it to run out of memory. [CVE-2015-7701]. The default\nconfiguration of ntpd(8) within FreeBSD does not use autokey. \n\nIf ntpd(8) is configured to allow for remote configuration, and if\nthe (possibly spoofed) source IP address is allowed to send\nremote configuration requests, and if the attacker knows the\nremote configuration password, it\u0027s possible for an attacker\nto use the \"pidfile\" or \"driftfile\" directives to potentially\noverwrite other files. [CVE-2015-5196]. The default configuration\nof ntpd(8) within FreeBSD does not allow remote configuration\n\nAn ntpd(8) client that honors Kiss-of-Death responses will honor\nKoD messages that have been forged by an attacker, causing it\nto delay or stop querying its servers for time updates. Also,\nan attacker can forge packets that claim to be from the target\nand send them to servers often enough that a server that\nimplements KoD rate limiting will send the target machine a\nKoD response to attempt to reduce the rate of incoming packets,\nor it may also trigger a firewall block at the server for\npackets from the target machine. For either of these attacks\nto succeed, the attacker must know what servers the target\nis communicating with. An attacker can be anywhere on the\nInternet and can frequently learn the identity of the target\u0027s\ntime source by sending the target a time query. [CVE-2015-7704]\n\nThe fix for CVE-2014-9750 was incomplete in that there were\ncertain code paths where a packet with particular autokey\noperations that contained malicious data was not always being\ncompletely validated. Receipt of these packets can cause ntpd\nto crash. [CVE-2015-7702]. The default configuration of ntpd(8)\nwithin FreeBSD does not use autokey. \n\nIII. Impact\n\nAn attacker which can send NTP packets to ntpd(8), which uses cryptographic\nauthentication of NTP data, may be able to inject malicious time data\ncausing the system clock to be set incorrectly. [CVE-2015-7871]\n\nAn attacker which can send NTP packets to ntpd(8), can block the\ncommunication of the daemon with time servers, causing the system\nclock not being synchronized. [CVE-2015-7704]\n\nAn attacker which can send NTP packets to ntpd(8), can remotely crash\nthe daemon, sending malicious data packet. [CVE-2015-7855] [CVE-2015-7854]\n[CVE-2015-7853] [CVE-2015-7852] [CVE-2015-7849] [CVE-2015-7848]\n\nAn attacker which can send NTP packets to ntpd(8), can remotely\ntrigger the daemon to overwrite its configuration files. [CVE-2015-7851]\n[CVE-2015-5196]\n\nIV. Workaround\n\nNo workaround is available, but systems not running ntpd(8) are not\naffected. Network administrators are advised to implement BCP-38,\nwhich helps to reduce risk associated with the attacks. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\nThe ntpd service has to be restarted after the update. A reboot is\nrecommended but not required. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nThe ntpd service has to be restarted after the update. A reboot is\nrecommended but not required. \n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.2]\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.bz2\n# bunzip2 ntp-102.patch.bz2\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.asc\n# gpg --verify ntp-102.patch.asc\n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.bz2\n# bunzip2 ntp-101.patch.bz2\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.asc\n# gpg --verify ntp-101.patch.asc\n\n[FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.bz2\n# bunzip2 ntp-93.patch.bz2\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.asc\n# gpg --verify ntp-93.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n# find contrib/ntp -type f -empty -delete\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in https://www.FreeBSD.org/handbook/makeworld.html. \n\nd) For 9.3-RELEASE and 10.1-RELEASE an update to /etc/ntp.conf is recommended,\nwhich can be done with help of the mergemaster(8) tool on 9.3-RELEASE and\nwith help of the etcupdate(8) tool on 10.1-RELEASE. \n\nRestart the ntpd(8) daemon, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/9/ r289998\nreleng/9.3/ r290001\nstable/10/ r289997\nreleng/10.1/ r290000\nreleng/10.2/ r289999\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\nhttps://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\n\nVII. References\n\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871\n\nThe latest revision of this advisory is available at\nhttps://security.FreeBSD.org/advisories/FreeBSD-SA-15:25.ntp.asc\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIcBAEBAgAGBQJWLhOJAAoJEO1n7NZdz2rn91wP/2GwEt1boNQq2a7nYzv/mS5D\nsYKkIi7o+2yr2BLXvtc3O7c9QC3/YeGsza9DTRqndcY572SWvRgtkFstMTTm8IV/\nRVlIE40gVR3tex0zo7BiD7uKUrxWxWcpwMbE5dzlE+vSybyyj0dSSkwUHJjrbJoA\nRmyNuEEUhQn5sRCg6qJv/PLp2G7BcYAasKScukjm7QnLP2kq/tvM9mcqwfh2tadM\n7kbf8uq+ykvsRzctaDnxQaB5+zJxBQYJjBelxQfIkNek0XGfdj3sRwISeFznbllq\nmOLTIBaFiuEtHtusO7MKKavMgS5CQJOvuuvd/l3NY1MnxC6X/1SWig9KIKDIn/hv\nq8dsnq7LLx+tO6Cv4Dub7EbC2ZP3xXGOC4Ie02z8bTZnbX7iwyPUidQQqtU9ra15\nrxzFcZnBxu+yyMNJVsV2qVV/r9OycgKxWlEELC1wYrK9fKfvLdA5aEGjDeU1Z+s6\nJS2zKr0t4F2bMrCsjYP1lQD8sHkCVjwJk+IJU/slcwSajDjBNlMH0yBxGYE1ETIZ\nqMF7/PAkLe8V78pdYmXw9pcaPyhI+ihPLnNrdhX8AI2RX5jDK7IuUNJeUM04UrVB\n8N+mMwgamcuCPWNNyXaL0bz21fexZOuhHmU+B8Yn3SFX5O5b/r9gGvrjo8ei8jOk\nEUlBT3ViDhHNrI7PTaiI\n=djPm\n-----END PGP SIGNATURE-----\n. ============================================================================\nUbuntu Security Notice USN-2783-1\nOctober 27, 2015\n\nntp vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in NTP. (CVE-2015-5146)\n\nMiroslav Lichvar discovered that NTP incorrectly handled logconfig\ndirectives. (CVE-2015-5194)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain statistics\ntypes. (CVE-2015-5195)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain file\npaths. (CVE-2015-5196, CVE-2015-7703)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain packets. (CVE-2015-5219)\n\nAanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP\nincorrectly handled restarting after hitting a panic threshold. \n(CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)\n\nIt was discovered that NTP incorrectly handled memory when processing\ncertain autokey messages. \n(CVE-2015-7701)\n\nAanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP\nincorrectly handled rate limiting. A remote attacker could possibly use\nthis issue to cause clients to stop updating their clock. (CVE-2015-7704,\nCVE-2015-7705)\n\nYves Younan discovered that NTP incorrectly handled logfile and keyfile\ndirectives. (CVE-2015-7850)\n\nYves Younan and Aleksander Nikolich discovered that NTP incorrectly handled\nascii conversion. (CVE-2015-7852)\n\nYves Younan discovered that NTP incorrectly handled reference clock memory. \n(CVE-2015-7853)\n\nJohn D \"Doug\" Birdwell discovered that NTP incorrectly handled decoding\ncertain bogus values. (CVE-2015-7855)\n\nStephen Gray discovered that NTP incorrectly handled symmetric association\nauthentication. (CVE-2015-7871)\n\nIn the default installation, attackers would be isolated by the NTP\nAppArmor profile. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n ntp 1:4.2.6.p5+dfsg-3ubuntu8.1\n\nUbuntu 15.04:\n ntp 1:4.2.6.p5+dfsg-3ubuntu6.2\n\nUbuntu 14.04 LTS:\n ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5\n\nUbuntu 12.04 LTS:\n ntp 1:4.2.6.p3+dfsg-1ubuntu3.6\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2783-1\n CVE-2015-5146, CVE-2015-5194, CVE-2015-5195, CVE-2015-5196,\n CVE-2015-5219, CVE-2015-5300, CVE-2015-7691, CVE-2015-7692,\n CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704,\n CVE-2015-7705, CVE-2015-7850, CVE-2015-7852, CVE-2015-7853,\n CVE-2015-7855, CVE-2015-7871\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu8.1\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu6.2\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.5\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.6\n. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a network time protocol (NTP) server. \n\nOn October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server\u0027s advertised time. The vulnerabilities covered in this document are as follows: \n\n CVE-2015-7691 - Denial of Service AutoKey Malicious Message\n CVE-2015-7692 - Denial of Service AutoKey Malicious Message\n CVE-2015-7701 - Denial of Service CRYPTO_ASSOC Memory Leak\n CVE-2015-7702 - Denial of Service AutoKey Malicious Message\n CVE-2015-7703 - Configuration Directive File Overwrite Vulnerability\n CVE-2015-7704 - Denial of Service by Spoofed Kiss-o\u0027-Death\n CVE-2015-7705 - Denial of Service by Priming the Pump\n CVE-2015-7848 - Network Time Protocol ntpd multiple integer overflow read access violations\n CVE-2015-7849 - Network Time Protocol Trusted Keys Memory Corruption Vulnerability\n CVE-2015-7850 - Network Time Protocol Remote Configuration Denial of Service Vulnerability\n CVE-2015-7851 - Network Time Protocol ntpd saveconfig Directory Traversal Vulnerability\n CVE-2015-7852 - Network Time Protocol ntpq atoascii Memory Corruption Vulnerability\n CVE-2015-7853 - Network Time Protocol Reference Clock Memory Corruption Vulnerability\n CVE-2015-7854 - Network Time Protocol Password Length Memory Corruption Vulnerability\n CVE-2015-7855 - Denial of Service Long Control Packet Message \n CVE-2015-7871 - NAK to the Future: NTP Symmetric Association Authentication Bypass Vulnerability\n \nAdditional details on each of the vulnerabilities can be found at the following links:\n\nOfficial Security Advisory from ntp.org: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities\nBoston University: http://www.cs.bu.edu/~goldbe/NTPattack.html\nCisco TALOS: http://talosintel.com/vulnerability-reports/\n\nCisco will release software updates that address these vulnerabilities. \n\nWorkarounds that mitigate one or more of the vulnerabilities may be available for certain products, please see the individual Cisco Bug IDs for details. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz: Upgraded. \n In addition to bug fixes and enhancements, this release fixes\n several low and medium severity vulnerabilities. \n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9750\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5196\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p4-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p4-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p4-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p4-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p4-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p4-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\n21dd14178fea17a88c9326c8672ecefd ntp-4.2.8p4-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n8647479b2007b92ff8598184f2275263 ntp-4.2.8p4-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\ne0f122e8e271dc84db06202c03cc0288 ntp-4.2.8p4-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\ndb0aff04b72b3d8c96ca8c8e1ed36c05 ntp-4.2.8p4-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n5914e43e886e5ff88fefd30083493e30 ntp-4.2.8p4-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n4335c3bf2ae24afc5ad734e8d80b3e94 ntp-4.2.8p4-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n39b05698797b638b67130e0b170e0a4b ntp-4.2.8p4-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\ndcf4a56ba1d013ee1c9d0e624e158709 ntp-4.2.8p4-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n1fd3a7beaf23303e2c211af377662614 ntp-4.2.8p4-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n438c3185aa8ec20d1c2b5e51786e4d41 ntp-4.2.8p4-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n81bfb2fed450cb26a51b5e1cee0d33ed n/ntp-4.2.8p4-i586-1.txz\n\nSlackware x86_64 -current package:\n8bae4ad633af40d4d54b7686e4b225f9 n/ntp-4.2.8p4-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg ntp-4.2.8p4-i486-1_slack14.1.txz\n\nThen, restart the NTP daemon:\n\n# sh /etc/rc.d/rc.ntpd restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address", "sources": [ { "db": "NVD", "id": "CVE-2015-7853" }, { "db": "JVNDB", "id": "JVNDB-2015-007705" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "BID", "id": "77273" }, { "db": "VULMON", "id": "CVE-2015-7853" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "134082" }, { "db": "PACKETSTORM", "id": "134102" }, { "db": "PACKETSTORM", "id": "134034" }, { "db": "PACKETSTORM", "id": "134137" } ], "trust": 2.97 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-7853", "trust": 3.3 }, { "db": "BID", "id": "77273", "trust": 2.0 }, { "db": "SECTRACK", "id": "1033951", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-211752", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-21-159-11", "trust": 1.6 }, { "db": "PACKETSTORM", "id": "134082", "trust": 1.1 }, { "db": "PACKETSTORM", "id": "134137", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU95781418", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2015-007705", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021061008", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201510-577", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-17-094-04", "trust": 0.4 }, { "db": "JUNIPER", "id": "JSA10711", "trust": 0.3 }, { "db": "TALOS", "id": "TALOS-2015-0064", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2015-7853", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137992", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134102", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134034", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-7853" }, { "db": "BID", "id": "77273" }, { "db": "JVNDB", "id": "JVNDB-2015-007705" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "134082" }, { "db": "PACKETSTORM", "id": "134102" }, { "db": "PACKETSTORM", "id": "134034" }, { "db": "PACKETSTORM", "id": "134137" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-201510-577" }, { "db": "NVD", "id": "CVE-2015-7853" } ] }, "id": "VAR-201708-0036", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.20833333 }, "last_update_date": "2024-11-23T20:31:02.196000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "NTP\u00a0Bug\u00a02920 Red hat Red\u00a0Hat\u00a0Bugzilla", "trust": 0.8, "url": "http://support.ntp.org/bin/view/Main/NtpBug2920" }, { "title": "NTP Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119783" }, { "title": "Red Hat: CVE-2015-7853", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2015-7853" }, { "title": "Ubuntu Security Notice: ntp vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2783-1" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=85311fa037162a48cd67fd63f52a6478" }, { "title": "Symantec Security Advisories: SA103 : October 2015 NTP Security Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=f5e05389a60d3a56f2a0ad0ec21579d9" }, { "title": "Cisco: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20151021-ntp" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8" } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-7853" }, { "db": "JVNDB", "id": "JVNDB-2015-007705" }, { "db": "CNNVD", "id": "CNNVD-201510-577" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-120", "trust": 1.0 }, { "problemtype": "Buffer error (CWE-119) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-007705" }, { "db": "NVD", "id": "CVE-2015-7853" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "http://www.securityfocus.com/bid/77273" }, { "trust": 1.8, "url": "https://security.gentoo.org/glsa/201607-15" }, { "trust": 1.7, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274262" }, { "trust": 1.7, "url": "http://support.ntp.org/bin/view/main/ntpbug2920" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1033951" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20171004-0001/" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf" }, { "trust": 1.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11" }, { "trust": 1.4, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151021-ntp" }, { "trust": 1.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7853" }, { "trust": 1.1, "url": "http://www.ubuntu.com/usn/usn-2783-1" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html" }, { "trust": 1.0, "url": "http://www.securityfocus.com/archive/1/archive/1/536796/100/100/threaded" }, { "trust": 1.0, "url": "http://www.securityfocus.com/archive/1/536833/100/0/threaded" }, { "trust": 1.0, "url": "http://www.securityfocus.com/archive/1/536737/100/0/threaded" }, { "trust": 1.0, "url": "http://www.securityfocus.com/archive/1/536760/100/0/threaded" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html" }, { "trust": 1.0, "url": "http://packetstormsecurity.com/files/134137/slackware-security-advisory-ntp-updates.html" }, { "trust": 1.0, "url": "http://www.securityfocus.com/archive/1/archive/1/536737/100/100/threaded" }, { "trust": 1.0, "url": "http://www.securityfocus.com/archive/1/archive/1/536833/100/100/threaded" }, { "trust": 1.0, "url": "http://packetstormsecurity.com/files/134082/freebsd-security-advisory-ntp-authentication-bypass.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html" }, { "trust": 1.0, "url": "https://bto.bluecoat.com/security-advisory/sa103" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html" }, { "trust": 1.0, "url": "http://www.talosintel.com/vulnerability-reports/" }, { "trust": 1.0, "url": "http://www.securityfocus.com/archive/1/536796/100/0/threaded" }, { "trust": 1.0, "url": "http://www.securityfocus.com/archive/1/archive/1/536760/100/100/threaded" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95781418/index.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021061008" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7871" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7702" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7855" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7852" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7701" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7704" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7850" }, { "trust": 0.4, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04" }, { "trust": 0.4, "url": "http://support.ntp.org/bin/view/main/securitynotice#recent_vulnerabilities" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7705" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7848" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7849" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7854" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7703" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7691" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7692" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7851" }, { "trust": 0.3, "url": "http://www.ntp.org/" }, { "trust": 0.3, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=41599" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10711" }, { "trust": 0.3, "url": "http://learn.extremenetworks.com/rs/641-vmv-602/images/vn-2015-009_multiple_ntp_vulnerabilities.pdf" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2015/oct/113" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099260" }, { "trust": 0.3, "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099225" }, { "trust": 0.3, "url": "http://talosintel.com/reports/talos-2015-0064/" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7702" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7851" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7701" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7855" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7704" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7852" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7850" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7854" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7849" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7853" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7871" }, { "trust": 0.2, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7848" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5196" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/120.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-7853" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2783-1/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7702" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7849" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7852" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7978" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8140" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7978" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2516" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7975" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7973" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7979" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8138" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8158" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4954" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4956" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7973" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7853" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7704" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8140" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7974" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7691" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4957" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7703" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7855" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4955" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7705" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2517" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1547" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8158" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7854" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2519" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2518" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7851" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7977" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7848" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7977" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1550" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7850" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7701" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7692" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8138" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7979" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7974" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4953" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7975" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7976" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7976" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:25/ntp-93.patch.asc" }, { "trust": 0.1, "url": "https://security.freebsd.org/advisories/freebsd-sa-15:25.ntp.asc" }, { "trust": 0.1, "url": "https://www.freebsd.org/handbook/makeworld.html." }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:25/ntp-102.patch.asc" }, { "trust": 0.1, "url": "https://security.freebsd.org/." }, { "trust": 0.1, "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:25/ntp-93.patch.bz2" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7703" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:25/ntp-101.patch.bz2" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:25/ntp-101.patch.asc" }, { "trust": 0.1, "url": "https://security.freebsd.org/patches/sa-15:25/ntp-102.patch.bz2" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5219" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5300" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5194" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5146" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu8.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.5" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.6" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5195" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu6.2" }, { "trust": 0.1, "url": "http://www.cs.bu.edu/~goldbe/ntpattack.html" }, { "trust": 0.1, "url": "http://gpgtools.org" }, { "trust": 0.1, "url": "http://talosintel.com/vulnerability-reports/" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7705" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7691" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5196" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9750" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9750" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7692" }, { "trust": 0.1, "url": "http://osuosl.org)" } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-7853" }, { "db": "BID", "id": "77273" }, { "db": "JVNDB", "id": "JVNDB-2015-007705" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "134082" }, { "db": "PACKETSTORM", "id": "134102" }, { "db": "PACKETSTORM", "id": "134034" }, { "db": "PACKETSTORM", "id": "134137" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-201510-577" }, { "db": "NVD", "id": "CVE-2015-7853" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2015-7853" }, { "db": "BID", "id": "77273" }, { "db": "JVNDB", "id": "JVNDB-2015-007705" }, { "db": "PACKETSTORM", "id": "137992" }, { "db": "PACKETSTORM", "id": "134082" }, { "db": "PACKETSTORM", "id": "134102" }, { "db": "PACKETSTORM", "id": "134034" }, { "db": "PACKETSTORM", "id": "134137" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-201510-577" }, { "db": "NVD", "id": "CVE-2015-7853" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-07T00:00:00", "db": "VULMON", "id": "CVE-2015-7853" }, { "date": "2015-10-21T00:00:00", "db": "BID", "id": "77273" }, { "date": "2017-09-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-007705" }, { "date": "2016-07-21T15:56:23", "db": "PACKETSTORM", "id": "137992" }, { "date": "2015-10-26T19:32:22", "db": "PACKETSTORM", "id": "134082" }, { "date": "2015-10-27T23:30:50", "db": "PACKETSTORM", "id": "134102" }, { "date": "2015-10-21T19:22:22", "db": "PACKETSTORM", "id": "134034" }, { "date": "2015-10-30T23:22:57", "db": "PACKETSTORM", "id": "134137" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2015-10-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201510-577" }, { "date": "2017-08-07T20:29:00.887000", "db": "NVD", "id": "CVE-2015-7853" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-16T00:00:00", "db": "VULMON", "id": "CVE-2015-7853" }, { "date": "2017-05-23T16:24:00", "db": "BID", "id": "77273" }, { "date": "2021-06-10T08:55:00", "db": "JVNDB", "id": "JVNDB-2015-007705" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-06-11T00:00:00", "db": "CNNVD", "id": "CNNVD-201510-577" }, { "date": "2024-11-21T02:37:32.250000", "db": "NVD", "id": "CVE-2015-7853" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "134102" }, { "db": "PACKETSTORM", "id": "134034" }, { "db": "CNNVD", "id": "CNNVD-201510-577" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NTP\u00a0 Buffer Error Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-007705" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.