Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2015-7855
Vulnerability from cvelistv5
Published
2017-08-07 20:00
Modified
2024-08-06 08:06
Severity ?
EPSS score ?
Summary
The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T08:06:29.899Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "40840", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/40840/", }, { name: "77283", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/77283", }, { name: "1033951", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1033951", }, { name: "DSA-3388", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3388", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1274264", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.ntp.org/bin/view/Main/NtpBug2922", }, { name: "GLSA-201607-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201607-15", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20171004-0001/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-10-21T00:00:00", descriptions: [ { lang: "en", value: "The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-04-15T20:37:11", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "40840", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/40840/", }, { name: "77283", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/77283", }, { name: "1033951", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1033951", }, { name: "DSA-3388", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2015/dsa-3388", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1274264", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.ntp.org/bin/view/Main/NtpBug2922", }, { name: "GLSA-201607-15", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201607-15", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20171004-0001/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-7855", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "40840", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/40840/", }, { name: "77283", refsource: "BID", url: "http://www.securityfocus.com/bid/77283", }, { name: "1033951", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1033951", }, { name: "DSA-3388", refsource: "DEBIAN", url: "http://www.debian.org/security/2015/dsa-3388", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1274264", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1274264", }, { name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839", refsource: "CONFIRM", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839", }, { name: "http://support.ntp.org/bin/view/Main/NtpBug2922", refsource: "CONFIRM", url: "http://support.ntp.org/bin/view/Main/NtpBug2922", }, { name: "GLSA-201607-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201607-15", }, { name: "https://security.netapp.com/advisory/ntap-20171004-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20171004-0001/", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf", }, { name: "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11", refsource: "CONFIRM", url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-7855", datePublished: "2017-08-07T20:00:00", dateReserved: "2015-10-16T00:00:00", dateUpdated: "2024-08-06T08:06:29.899Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2015-7855\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-08-07T20:29:00.950\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.\"},{\"lang\":\"es\",\"value\":\"La función decodenetnum en ntpd en NTP 4.2.x en versiones anteriores a 4.2.8p4, y 4.3.x en versiones anteriores a 4.3.77 permite que atacantes remotos provoquen una denegación de servicio (fallo de aserción) empleando un paquete en modo 6 o modo 7 que contiene un valor de datos largo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:N/A:P\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.2.0\",\"versionEndExcluding\":\"4.2.8\",\"matchCriteriaId\":\"C240BAAB-8C12-4501-9DC6-FB877304E908\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.3.0\",\"versionEndExcluding\":\"4.3.77\",\"matchCriteriaId\":\"79494F07-6081-497D-8A2D-B05486599EAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEA51D83-5841-4335-AF07-7A43C118CAAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"49ADE0C3-F75C-4EC0-8805-56013F0EB92C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8FF625A-EFA3-43D1-8698-4A37AE31A07C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3B99BBD-97FE-4615-905A-A614592226F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7A9AD3A-F030-4331-B52A-518BD963AB8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*\",\"matchCriteriaId\":\"C293B8BE-6691-4944-BCD6-25EB98CABC73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEA650F8-2576-494A-A861-61572CA319D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4ED21EE8-7CBF-4BC5-BFC3-185D41296238\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C76A0B44-13DE-4173-8D05-DA54F6A71759\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1450241C-2F6D-4122-B33C-D78D065BA403\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"721AFD22-91D3-488E-A5E6-DD84C86E412B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"41E44E9F-6383-4E12-AEDC-B653FEA77A48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"466D9A37-2658-4695-9429-0C6BF4A631C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"99774181-5F12-446C-AC2C-DB1C52295EED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"212E1878-1B9A-4CB4-A1CE-EAD60B867161\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*\",\"matchCriteriaId\":\"95B173E0-1475-4F8D-A982-86F36BE3DD4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FED6CAE-D97F-49E0-9D00-1642A3A427B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*\",\"matchCriteriaId\":\"392A1364-2739-450D-9E19-DFF93081C2C6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:tim_4r-ie_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0730ED6-676B-4200-BC07-C0B4531B242C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:tim_4r-ie:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B87B16C-9E9F-448B-9255-B2BB2B8CAD63\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:tim_4r-ie_dnp3_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E16E82E3-9A85-41A4-8A33-12AE45A1B584\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:tim_4r-ie_dnp3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE27728D-D37B-43FC-BA8A-0E930DDBD10B\"}]}]}],\"references\":[{\"url\":\"http://support.ntp.org/bin/view/Main/NtpBug2922\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2015/dsa-3388\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/77283\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1033951\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1274264\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://security.gentoo.org/glsa/201607-15\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20171004-0001/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.exploit-db.com/exploits/40840/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://support.ntp.org/bin/view/Main/NtpBug2922\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2015/dsa-3388\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/77283\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1033951\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1274264\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://security.gentoo.org/glsa/201607-15\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20171004-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.exploit-db.com/exploits/40840/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]}]}}", }, }
var-201708-0038
Vulnerability from variot
The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value. NTP Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. Network Time Protocol is prone to a denial-of-service vulnerability. A remote attacker may exploit this issue to cause a denial-of-service condition, denying service to legitimate users.
Gentoo Linux Security Advisory GLSA 201607-15
https://security.gentoo.org/
Severity: Normal Title: NTP: Multiple vulnerabilities Date: July 20, 2016 Bugs: #563774, #572452, #581528, #584954 ID: 201607-15
Synopsis
Multiple vulnerabilities have been found in NTP, the worst of which could lead to Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/ntp < 4.2.8_p8 >= 4.2.8_p8
Description
Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.
Resolution
All NTP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p8"
References
[ 1 ] CVE-2015-7691 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691 [ 2 ] CVE-2015-7692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692 [ 3 ] CVE-2015-7701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701 [ 4 ] CVE-2015-7702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702 [ 5 ] CVE-2015-7703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703 [ 6 ] CVE-2015-7704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704 [ 7 ] CVE-2015-7705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705 [ 8 ] CVE-2015-7848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848 [ 9 ] CVE-2015-7849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849 [ 10 ] CVE-2015-7850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850 [ 11 ] CVE-2015-7851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851 [ 12 ] CVE-2015-7852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852 [ 13 ] CVE-2015-7853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853 [ 14 ] CVE-2015-7854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854 [ 15 ] CVE-2015-7855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855 [ 16 ] CVE-2015-7871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871 [ 17 ] CVE-2015-7973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973 [ 18 ] CVE-2015-7974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974 [ 19 ] CVE-2015-7975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975 [ 20 ] CVE-2015-7976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976 [ 21 ] CVE-2015-7977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977 [ 22 ] CVE-2015-7978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978 [ 23 ] CVE-2015-7979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979 [ 24 ] CVE-2015-8138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138 [ 25 ] CVE-2015-8139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139 [ 26 ] CVE-2015-8140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140 [ 27 ] CVE-2015-8158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158 [ 28 ] CVE-2016-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547 [ 29 ] CVE-2016-1548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548 [ 30 ] CVE-2016-1549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549 [ 31 ] CVE-2016-1550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550 [ 32 ] CVE-2016-1551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551 [ 33 ] CVE-2016-2516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516 [ 34 ] CVE-2016-2517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517 [ 35 ] CVE-2016-2518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518 [ 36 ] CVE-2016-2519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519 [ 37 ] CVE-2016-4953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953 [ 38 ] CVE-2016-4954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954 [ 39 ] CVE-2016-4955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955 [ 40 ] CVE-2016-4956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956 [ 41 ] CVE-2016-4957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201607-15
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
Release Date: 2016-09-21 Last Updated: 2016-09-21
Potential Security Impact: Multiple Remote Vulnerabilities
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities in NTP have been addressed with HPE Comware 7 (CW7) network products.
References:
- CVE-2015-7704
- CVE-2015-7705
- CVE-2015-7855
- CVE-2015-7871
- PSRT110228
- SSRT102943
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - Comware 7 (CW7) Products - Please refer to the RESOLUTION below for a list of impacted products. All product versions are impacted prior to the fixed versions listed.
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2015-7704
6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CVE-2015-7705
6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CVE-2015-7855
6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CVE-2015-7871
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION HPE has released the following software updates to resolve the vulnerabilities in HPE Comware 7 network products.
COMWARE 7 Products
- 12500 (Comware 7) - Version: R7377
- HP Network Products
- JC072B HP 12500 Main Processing Unit
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- JG497A HP 12500 MPU w/Comware V7 OS
- JG782A HP FF 12508E AC Switch Chassis
- JG783A HP FF 12508E DC Switch Chassis
- JG784A HP FF 12518E AC Switch Chassis
- JG785A HP FF 12518E DC Switch Chassis
- JG802A HP FF 12500E MPU
- 10500 (Comware 7) - Version: R7178
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC748A HP 10512 Switch Chassis
- JG608A HP FlexFabric 11908-V Switch Chassis
- JG609A HP FlexFabric 11900 Main Processing Unit
- JG820A HP 10504 TAA Switch Chassis
- JG821A HP 10508 TAA Switch Chassis
- JG822A HP 10508-V TAA Switch Chassis
- JG823A HP 10512 TAA Switch Chassis
- JG496A HP 10500 Type A MPU w/Comware v7 OS
- JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
- JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
- 12900 (Comware 7) - Version: R1138P03
- HP Network Products
- JG619A HP FlexFabric 12910 Switch AC Chassis
- JG621A HP FlexFabric 12910 Main Processing Unit
- JG632A HP FlexFabric 12916 Switch AC Chassis
- JG634A HP FlexFabric 12916 Main Processing Unit
- JH104A HP FlexFabric 12900E Main Processing Unit
- JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
- JH263A HP FlexFabric 12904E Main Processing Unit
- JH255A HP FlexFabric 12908E Switch Chassis
- JH262A HP FlexFabric 12904E Switch Chassis
- JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
- JH103A HP FlexFabric 12916E Switch Chassis
- 5900 (Comware 7) - Version: R2422P02
- HP Network Products
- JC772A HP 5900AF-48XG-4QSFP+ Switch
- JG296A HP 5920AF-24XG Switch
- JG336A HP 5900AF-48XGT-4QSFP+ Switch
- JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
- JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
- JG555A HP 5920AF-24XG TAA Switch
- JG838A HP FF 5900CP-48XG-4QSFP+ Switch
- JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
- JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
- JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
- MSR1000 (Comware 7) - Version: R0305P08
- HP Network Products
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
- MSR2000 (Comware 7) - Version: R0305P08
- HP Network Products
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
- MSR3000 (Comware 7) - Version: R0305P08
- HP Network Products
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG407A HP MSR3024 DC Router
- JG408A HP MSR3024 PoE Router
- JG409A HP MSR3012 AC Router
- JG410A HP MSR3012 DC Router
- JG861A HP MSR3024 TAA-compliant AC Router
- MSR4000 (Comware 7) - Version: R0305P08
- HP Network Products
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
- VSR (Comware 7) - Version: E0322
- HP Network Products
- JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
- JG811AAE HP VSR1001 Comware 7 Virtual Services Router
- JG812AAE HP VSR1004 Comware 7 Virtual Services Router
- JG813AAE HP VSR1008 Comware 7 Virtual Services Router
- 7900 (Comware 7) - Version: R2138P03
- HP Network Products
- JG682A HP FlexFabric 7904 Switch Chassis
- JG841A HP FlexFabric 7910 Switch Chassis
- JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
- JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
- JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
- JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
- JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
- JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
- 5130 (Comware 7) - Version: R3111P03
- HP Network Products
- JG932A HP 5130-24G-4SFP+ EI Switch
- JG933A HP 5130-24G-SFP-4SFP+ EI Switch
- JG934A HP 5130-48G-4SFP+ EI Switch
- JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
- JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
- JG938A HP 5130-24G-2SFP+-2XGT EI Switch
- JG939A HP 5130-48G-2SFP+-2XGT EI Switch
- JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG975A HP 5130-24G-4SFP+ EI Brazil Switch
- JG976A HP 5130-48G-4SFP+ EI Brazil Switch
- JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
- 5700 (Comware 7) - Version: R2422P02
- HP Network Products
- JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
- JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
- JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
- JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
- JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
- JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
- 5930 (Comware 7) - Version: R2422P02
- HP Network Products
- JG726A HP FlexFabric 5930 32QSFP+ Switch
- JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
- JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
- JH179A HP FlexFabric 5930 4-slot Switch
- JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
- JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
- HSR6600 (Comware 7) - Version: R7103P07
- HP Network Products
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- HSR6800 (Comware 7) - Version: R7103P07
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing
- JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
- 1950 (Comware 7) - Version: R3111P03
- HP Network Products
- JG960A HP 1950-24G-4XG Switch
- JG961A HP 1950-48G-2SFP+-2XGT Switch
- JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
- JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
- 7500 (Comware 7) - Version: R7178
- HP Network Products
- JD238C HP 7510 Switch Chassis
- JD239C HP 7506 Switch Chassis
- JD240C HP 7503 Switch Chassis
- JD242C HP 7502 Switch Chassis
- JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
- JH208A HP 7502 Main Processing Unit
- JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
- 5130HI - Version: R1118P02
- HP Network Products
- JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
- JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
- JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
- JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch
- 5510HI - Version: R1118P02
- HP Network Products
- JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
- JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
- JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
- JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
- JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch
Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.
HISTORY Version:1 (rev.1) - 21 September 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
============================================================================= FreeBSD-SA-15:25.ntp Security Advisory The FreeBSD Project
Topic: Multiple vulnerabilities of ntp
Category: contrib Module: ntp Announced: 2015-10-26 Credits: Network Time Foundation Affects: All supported versions of FreeBSD. Corrected: 2015-10-26 11:35:40 UTC (stable/10, 10.2-STABLE) 2015-10-26 11:36:55 UTC (releng/10.2, 10.2-RELEASE-p6) 2015-10-26 11:37:31 UTC (releng/10.1, 10.1-RELEASE-p23) 2015-10-26 11:36:40 UTC (stable/9, 9.3-STABLE) 2015-10-26 11:42:25 UTC (releng/9.3, 9.3-RELEASE-p29) CVE Name: CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, CVE-2015-7871
For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/.
I.
II. Problem Description
Crypto-NAK packets can be used to cause ntpd(8) to accept time from an unauthenticated ephemeral symmetric peer by bypassing the authentication required to mobilize peer associations. [CVE-2015-7871] FreeBSD 9.3 and 10.1 are not affected. [CVE-2015-7855]
If ntpd(8) is configured to allow remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd(8) was configured to disable authentication, then an attacker can send a set of packets to ntpd(8) that may cause it to crash, with the hypothetical possibility of a small code injection. [CVE-2015-7854]
A negative value for the datalen parameter will overflow a data buffer. NTF's ntpd(8) driver implementations always set this value to 0 and are therefore not vulnerable to this weakness. If you are running a custom refclock driver in ntpd(8) and that driver supplies a negative value for datalen (no custom driver of even minimal competence would do this) then ntpd would overflow a data buffer. It is even hypothetically possible in this case that instead of simply crashing ntpd the attacker could effect a code injection attack. [CVE-2015-7853]
If an attacker can figure out the precise moment that ntpq(8) is listening for data and the port number it is listening on or if the attacker can provide a malicious instance ntpd(8) that victims will connect to then an attacker can send a set of crafted mode 6 response packets that, if received by ntpq(8), can cause ntpq(8) to crash. [CVE-2015-7852]
If ntpd(8) is configured to allow remote configuration, and if the (possibly spoofed) IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd(8) was configured to disable authentication, then an attacker can send a set of packets to ntpd that may cause ntpd(8) to overwrite files. [CVE-2015-7851]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration.
If ntpd(8) is configured to allow remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd(8) was configured to disable authentication, then an attacker can send a set of packets to ntpd that will cause it to crash and/or create a potentially huge log file. Specifically, the attacker could enable extended logging, point the key file at the log file, and cause what amounts to an infinite loop. [CVE-2015-7850]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration.
If ntpd(8) is configured to allow remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password or if ntpd was configured to disable authentication, then an attacker can send a set of packets to ntpd that may cause a crash or theoretically perform a code injection attack. [CVE-2015-7849]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration.
If ntpd(8) is configured to enable mode 7 packets, and if the use of mode 7 packets is not properly protected thru the use of the available mode 7 authentication and restriction mechanisms, and if the (possibly spoofed) source IP address is allowed to send mode 7 queries, then an attacker can send a crafted packet to ntpd that will cause it to crash. [CVE-2015-7848]. The default configuration of ntpd(8) within FreeBSD does not allow mode 7 packets.
If ntpd(8) is configured to use autokey, then an attacker can send packets to ntpd that will, after several days of ongoing attack, cause it to run out of memory. [CVE-2015-7701]. The default configuration of ntpd(8) within FreeBSD does not use autokey.
If ntpd(8) is configured to allow for remote configuration, and if the (possibly spoofed) source IP address is allowed to send remote configuration requests, and if the attacker knows the remote configuration password, it's possible for an attacker to use the "pidfile" or "driftfile" directives to potentially overwrite other files. [CVE-2015-5196]. The default configuration of ntpd(8) within FreeBSD does not allow remote configuration
An ntpd(8) client that honors Kiss-of-Death responses will honor KoD messages that have been forged by an attacker, causing it to delay or stop querying its servers for time updates. Also, an attacker can forge packets that claim to be from the target and send them to servers often enough that a server that implements KoD rate limiting will send the target machine a KoD response to attempt to reduce the rate of incoming packets, or it may also trigger a firewall block at the server for packets from the target machine. For either of these attacks to succeed, the attacker must know what servers the target is communicating with. An attacker can be anywhere on the Internet and can frequently learn the identity of the target's time source by sending the target a time query. [CVE-2015-7704]
The fix for CVE-2014-9750 was incomplete in that there were certain code paths where a packet with particular autokey operations that contained malicious data was not always being completely validated. Receipt of these packets can cause ntpd to crash. [CVE-2015-7702]. The default configuration of ntpd(8) within FreeBSD does not use autokey.
III. Impact
An attacker which can send NTP packets to ntpd(8), which uses cryptographic authentication of NTP data, may be able to inject malicious time data causing the system clock to be set incorrectly. [CVE-2015-7871]
An attacker which can send NTP packets to ntpd(8), can block the communication of the daemon with time servers, causing the system clock not being synchronized. [CVE-2015-7704]
An attacker which can send NTP packets to ntpd(8), can remotely crash the daemon, sending malicious data packet. [CVE-2015-7855] [CVE-2015-7854] [CVE-2015-7853] [CVE-2015-7852] [CVE-2015-7849] [CVE-2015-7848]
An attacker which can send NTP packets to ntpd(8), can remotely trigger the daemon to overwrite its configuration files. [CVE-2015-7851] [CVE-2015-5196]
IV. Workaround
No workaround is available, but systems not running ntpd(8) are not affected. Network administrators are advised to implement BCP-38, which helps to reduce risk associated with the attacks.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
The ntpd service has to be restarted after the update. A reboot is recommended but not required.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
The ntpd service has to be restarted after the update. A reboot is recommended but not required.
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 10.2]
fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.bz2
bunzip2 ntp-102.patch.bz2
fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.asc
gpg --verify ntp-102.patch.asc
[FreeBSD 10.1]
fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.bz2
bunzip2 ntp-101.patch.bz2
fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.asc
gpg --verify ntp-101.patch.asc
[FreeBSD 9.3]
fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.bz2
bunzip2 ntp-93.patch.bz2
fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.asc
gpg --verify ntp-93.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
find contrib/ntp -type f -empty -delete
c) Recompile the operating system using buildworld and installworld as described in https://www.FreeBSD.org/handbook/makeworld.html.
d) For 9.3-RELEASE and 10.1-RELEASE an update to /etc/ntp.conf is recommended, which can be done with help of the mergemaster(8) tool on 9.3-RELEASE and with help of the etcupdate(8) tool on 10.1-RELEASE.
Restart the ntpd(8) daemon, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/9/ r289998 releng/9.3/ r290001 stable/10/ r289997 releng/10.1/ r290000 releng/10.2/ r289999
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN
VII. References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871
The latest revision of this advisory is available at https://security.FreeBSD.org/advisories/FreeBSD-SA-15:25.ntp.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBAgAGBQJWLhOJAAoJEO1n7NZdz2rn91wP/2GwEt1boNQq2a7nYzv/mS5D sYKkIi7o+2yr2BLXvtc3O7c9QC3/YeGsza9DTRqndcY572SWvRgtkFstMTTm8IV/ RVlIE40gVR3tex0zo7BiD7uKUrxWxWcpwMbE5dzlE+vSybyyj0dSSkwUHJjrbJoA RmyNuEEUhQn5sRCg6qJv/PLp2G7BcYAasKScukjm7QnLP2kq/tvM9mcqwfh2tadM 7kbf8uq+ykvsRzctaDnxQaB5+zJxBQYJjBelxQfIkNek0XGfdj3sRwISeFznbllq mOLTIBaFiuEtHtusO7MKKavMgS5CQJOvuuvd/l3NY1MnxC6X/1SWig9KIKDIn/hv q8dsnq7LLx+tO6Cv4Dub7EbC2ZP3xXGOC4Ie02z8bTZnbX7iwyPUidQQqtU9ra15 rxzFcZnBxu+yyMNJVsV2qVV/r9OycgKxWlEELC1wYrK9fKfvLdA5aEGjDeU1Z+s6 JS2zKr0t4F2bMrCsjYP1lQD8sHkCVjwJk+IJU/slcwSajDjBNlMH0yBxGYE1ETIZ qMF7/PAkLe8V78pdYmXw9pcaPyhI+ihPLnNrdhX8AI2RX5jDK7IuUNJeUM04UrVB 8N+mMwgamcuCPWNNyXaL0bz21fexZOuhHmU+B8Yn3SFX5O5b/r9gGvrjo8ei8jOk EUlBT3ViDhHNrI7PTaiI =djPm -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-2783-1 October 27, 2015
ntp vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in NTP. (CVE-2015-5146)
Miroslav Lichvar discovered that NTP incorrectly handled logconfig directives. (CVE-2015-5194)
Miroslav Lichvar discovered that NTP incorrectly handled certain statistics types. (CVE-2015-5195)
Miroslav Lichvar discovered that NTP incorrectly handled certain file paths. (CVE-2015-5196, CVE-2015-7703)
Miroslav Lichvar discovered that NTP incorrectly handled certain packets. (CVE-2015-5219)
Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled restarting after hitting a panic threshold. (CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)
It was discovered that NTP incorrectly handled memory when processing certain autokey messages. (CVE-2015-7701)
Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled rate limiting. (CVE-2015-7704, CVE-2015-7705)
Yves Younan discovered that NTP incorrectly handled logfile and keyfile directives. (CVE-2015-7850)
Yves Younan and Aleksander Nikolich discovered that NTP incorrectly handled ascii conversion. (CVE-2015-7852)
Yves Younan discovered that NTP incorrectly handled reference clock memory. A malicious refclock could possibly use this issue to cause NTP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-7853)
John D "Doug" Birdwell discovered that NTP incorrectly handled decoding certain bogus values. (CVE-2015-7855)
Stephen Gray discovered that NTP incorrectly handled symmetric association authentication. (CVE-2015-7871)
In the default installation, attackers would be isolated by the NTP AppArmor profile.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: ntp 1:4.2.6.p5+dfsg-3ubuntu8.1
Ubuntu 15.04: ntp 1:4.2.6.p5+dfsg-3ubuntu6.2
Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5
Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.6
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2783-1 CVE-2015-5146, CVE-2015-5194, CVE-2015-5195, CVE-2015-5196, CVE-2015-5219, CVE-2015-5300, CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7705, CVE-2015-7850, CVE-2015-7852, CVE-2015-7853, CVE-2015-7855, CVE-2015-7871
Package Information: https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu8.1 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu6.2 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.5 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.6 .
On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time.
Workarounds that mitigate one or more of the vulnerabilities may be available for certain products, please see the individual Cisco Bug IDs for details.
CVE-2015-5194
It was found that ntpd could crash due to an uninitialized
variable when processing malformed logconfig configuration
commands.
CVE-2015-5195
It was found that ntpd exits with a segmentation fault when a
statistics type that was not enabled during compilation (e.g.
timingstats) is referenced by the statistics or filegen
configuration command
CVE-2015-5219
It was discovered that sntp program would hang in an infinite loop
when a crafted NTP packet was received, related to the conversion
of the precision value in the packet to double.
CVE-2015-5300
It was found that ntpd did not correctly implement the -g option:
Normally, ntpd exits with a message to the system log if the offset
exceeds the panic threshold, which is 1000 s by default. This
option allows the time to be set to any value without restriction;
however, this can happen only once. If the threshold is exceeded
after that, ntpd will exit with a message to the system log. This
option can be used with the -q and -x options.
ntpd could actually step the clock multiple times by more than the
panic threshold if its clock discipline doesn't have enough time to
reach the sync state and stay there for at least one update. If a
man-in-the-middle attacker can control the NTP traffic since ntpd
was started (or maybe up to 15-30 minutes after that), they can
prevent the client from reaching the sync state and force it to step
its clock by any amount any number of times, which can be used by
attackers to expire certificates, etc.
This is contrary to what the documentation says. Normally, the
assumption is that an MITM attacker can step the clock more than the
panic threshold only once when ntpd starts and to make a larger
adjustment the attacker has to divide it into multiple smaller
steps, each taking 15 minutes, which is slow.
CVE-2015-7701
A memory leak flaw was found in ntpd's CRYPTO_ASSOC.
CVE-2015-7703
Miroslav Lichvar of Red Hat found that the :config command can be
used to set the pidfile and driftfile paths without any
restrictions. A remote attacker could use this flaw to overwrite a
file on the file system with a file containing the pid of the ntpd
process (immediately) or the current estimated drift of the system
clock (in hourly intervals). For example:
ntpq -c ':config pidfile /tmp/ntp.pid'
ntpq -c ':config driftfile /tmp/ntp.drift'
In Debian ntpd is configured to drop root privileges, which limits
the impact of this issue.
CVE-2015-7704
If ntpd as an NTP client receives a Kiss-of-Death (KoD) packet
from the server to reduce its polling rate, it doesn't check if the
originate timestamp in the reply matches the transmit timestamp from
its request. An off-path attacker can send a crafted KoD packet to
the client, which will increase the client's polling interval to a
large value and effectively disable synchronization with the server. A
specially crafted configuration file could cause an endless loop
resulting in a denial of service.
CVE-2015-7852
A potential off by one vulnerability exists in the cookedprint
functionality of ntpq. A specially crafted buffer could cause a
buffer overflow potentially resulting in null byte being written out
of bounds.
CVE-2015-7871
An error handling logic error exists within ntpd that manifests due
to improper error condition handling associated with certain
crypto-NAK packets. An unauthenticated, off-path attacker can force
ntpd processes on targeted servers to peer with time sources of the
attacker's choosing by transmitting symmetric active crypto-NAK
packets to ntpd.
For the oldstable distribution (wheezy), these problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u6.
For the stable distribution (jessie), these problems have been fixed in version 1:4.2.6.p5+dfsg-7+deb8u1.
For the testing distribution (stretch), these problems have been fixed in version 1:4.2.8p4+dfsg-3.
For the unstable distribution (sid), these problems have been fixed in version 1:4.2.8p4+dfsg-3.
We recommend that you upgrade your ntp packages.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz: Upgraded. In addition to bug fixes and enhancements, this release fixes several low and medium severity vulnerabilities. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9750 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p4-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p4-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p4-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p4-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p4-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p4-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 package: 21dd14178fea17a88c9326c8672ecefd ntp-4.2.8p4-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: 8647479b2007b92ff8598184f2275263 ntp-4.2.8p4-x86_64-1_slack13.0.txz
Slackware 13.1 package: e0f122e8e271dc84db06202c03cc0288 ntp-4.2.8p4-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: db0aff04b72b3d8c96ca8c8e1ed36c05 ntp-4.2.8p4-x86_64-1_slack13.1.txz
Slackware 13.37 package: 5914e43e886e5ff88fefd30083493e30 ntp-4.2.8p4-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: 4335c3bf2ae24afc5ad734e8d80b3e94 ntp-4.2.8p4-x86_64-1_slack13.37.txz
Slackware 14.0 package: 39b05698797b638b67130e0b170e0a4b ntp-4.2.8p4-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: dcf4a56ba1d013ee1c9d0e624e158709 ntp-4.2.8p4-x86_64-1_slack14.0.txz
Slackware 14.1 package: 1fd3a7beaf23303e2c211af377662614 ntp-4.2.8p4-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 438c3185aa8ec20d1c2b5e51786e4d41 ntp-4.2.8p4-x86_64-1_slack14.1.txz
Slackware -current package: 81bfb2fed450cb26a51b5e1cee0d33ed n/ntp-4.2.8p4-i586-1.txz
Slackware x86_64 -current package: 8bae4ad633af40d4d54b7686e4b225f9 n/ntp-4.2.8p4-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg ntp-4.2.8p4-i486-1_slack14.1.txz
Then, restart the NTP daemon:
sh /etc/rc.d/rc.ntpd restart
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201708-0038", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "ntp", scope: "eq", trust: 1.3, vendor: "ntp", version: "4.2.8", }, { model: "ntp", scope: "gte", trust: 1, vendor: "ntp", version: "4.3.0", }, { model: "tim 4r-ie dnp3", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "data ontap", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "oncommand performance manager", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "clustered data ontap", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "ntp", scope: "lt", trust: 1, vendor: "ntp", version: "4.2.8", }, { model: "linux", scope: "eq", trust: 1, vendor: "debian", version: "8.0", }, { model: "ntp", scope: "gte", trust: 1, vendor: "ntp", version: "4.2.0", }, { model: "oncommand unified manager", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "tim 4r-ie", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "ntp", scope: "lt", trust: 1, vendor: "ntp", version: "4.3.77", }, { model: "linux", scope: "eq", trust: 1, vendor: "debian", version: "9.0", }, { model: "oncommand balance", scope: "eq", trust: 1, vendor: "netapp", version: null, }, { model: "linux", scope: "eq", trust: 1, vendor: "debian", version: "7.0", }, { model: "ntp", scope: "eq", trust: 0.9, vendor: "ntp", version: "4.3.70", }, { model: "ntp", scope: "eq", trust: 0.8, vendor: "ntp", version: null, }, { model: "ntp", scope: "lt", trust: 0.8, vendor: "ntp", version: "4.2.8p4 less than 4.2.x", }, { model: "ntp", scope: "lt", trust: 0.8, vendor: "ntp", version: "4.3.77 less than 4.3.x", }, { model: "ntp", scope: "eq", trust: 0.6, vendor: "ntp", version: "4.3.66", }, { model: "ntp", scope: "eq", trust: 0.6, vendor: "ntp", version: "4.3.74", }, { model: "ntp", scope: "eq", trust: 0.6, vendor: "ntp", version: "4.3.68", }, { model: "ntp", scope: "eq", trust: 0.6, vendor: "ntp", version: "4.3.69", }, { model: "ntp", scope: "eq", trust: 0.6, vendor: "ntp", version: "4.3.72", }, { model: "ntp", scope: "eq", trust: 0.6, vendor: "ntp", version: "4.3.73", }, { model: "ntp", scope: "eq", trust: 0.6, vendor: "ntp", version: "4.3.75", }, { model: "ntp", scope: "eq", trust: 0.6, vendor: "ntp", version: "4.3.76", }, { model: "ntp", scope: "eq", trust: 0.6, vendor: "ntp", version: "4.3.71", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "14.1", }, { model: "linux x86 64 -current", scope: null, trust: 0.3, vendor: "slackware", version: null, }, { model: "linux x86 64", scope: "eq", trust: 0.3, vendor: "slackware", version: "14.1", }, { model: "linux x86 64", scope: "eq", trust: 0.3, vendor: "slackware", version: "14.0", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "14.0", }, { model: "linux x86 64", scope: "eq", trust: 0.3, vendor: "slackware", version: "13.37", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "13.37", }, { model: "linux x86 64", scope: "eq", trust: 0.3, vendor: "slackware", version: "13.1", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "13.1", }, { model: "linux x86 64", scope: "eq", trust: 0.3, vendor: "slackware", version: "13.0", }, { model: "linux", scope: "eq", trust: 0.3, vendor: "slackware", version: "13.0", }, { model: "linux -current", scope: null, trust: 0.3, vendor: "slackware", version: null, }, { model: "ruggedcom rox", scope: "eq", trust: 0.3, vendor: "siemens", version: "2.6.3", }, { model: "ruggedcom rox", scope: "eq", trust: 0.3, vendor: "siemens", version: "2.6.2", }, { model: "ruggedcom rox", scope: "eq", trust: 0.3, vendor: "siemens", version: "2.0", }, { model: "ruggedcom rox", scope: "eq", trust: 0.3, vendor: "siemens", version: "1.16", }, { model: "ruggedcom rox", scope: "eq", trust: 0.3, vendor: "siemens", version: "1.14.5", }, { model: "ruggedcom rox", scope: "eq", trust: 0.3, vendor: "siemens", version: "1.0", }, { model: "automation stratix", scope: "eq", trust: 0.3, vendor: "rockwell", version: "59000", }, { model: "ntp", scope: "eq", trust: 0.3, vendor: "ntp", version: "4.3.25", }, { model: "ntp", scope: "eq", trust: 0.3, vendor: "ntp", version: "4.3", }, { model: "ntp", scope: "eq", trust: 0.3, vendor: "ntp", version: "4.2.6", }, { model: "4.2.8p3", scope: null, trust: 0.3, vendor: "ntp", version: null, }, { model: "4.2.8p2", scope: null, trust: 0.3, vendor: "ntp", version: null, }, { model: "4.2.7p366", scope: null, trust: 0.3, vendor: "ntp", version: null, }, { model: "4.2.7p111", scope: null, trust: 0.3, vendor: "ntp", version: null, }, { model: "4.2.7p11", scope: null, trust: 0.3, vendor: "ntp", version: null, }, { model: "4.2.5p186", scope: null, trust: 0.3, vendor: "ntp", version: null, }, { model: "junos os", scope: "eq", trust: 0.3, vendor: "juniper", version: "0", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.14", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.4.0", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.50", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.4", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.3", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.2", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.3.0", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.2.6", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.2.5", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.2.4", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.2.0", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.9", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.8", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.3", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.1", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.1.0", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.13", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.12", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.11", }, { model: "vios", scope: "eq", trust: 0.3, vendor: "ibm", version: "2.2.0.10", }, { model: "qlogic virtual fabric extension module for ibm bladecenter", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "qlogic 8gb intelligent pass-thru module and san switch module", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.10", }, { model: "ib6131 gb infiniband switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "83.4", }, { model: "ib6131 gb infiniband switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "83.2", }, { model: "flex system fc3171 8gb san switch and san pass-thru", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.1.0.00", }, { model: "flex system en6131 40gb ethernet switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.4", }, { model: "flex system en6131 40gb ethernet switch", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2", }, { model: "ds8800", scope: "eq", trust: 0.3, vendor: "ibm", version: "86.31.167.0", }, { model: "ds8800", scope: "eq", trust: 0.3, vendor: "ibm", version: "0", }, { model: "ds8700", scope: "eq", trust: 0.3, vendor: "ibm", version: "87.51.14.x", }, { model: "ds8700", scope: "eq", trust: 0.3, vendor: "ibm", version: "87.41.17.x", }, { model: "ds8700", scope: "eq", trust: 0.3, vendor: "ibm", version: "76.31.143.0", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.4", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.3", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.16", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.9", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.8", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.75", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.68", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.6", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.5", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.4", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.3", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.2", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.1", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3.126", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3.10", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3.9", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3.8", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3.7", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.2.0.1", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.4.1", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.3.5", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.6", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.2.15", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1.5", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.1.1.16", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.9.6", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.9.5", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.8.7", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.8.6", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.8.15", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "6.1.7.16", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3.12.9", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3.12", }, { model: "aix", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3.11", }, { model: "vsr1008 comware virtual services router", scope: "eq", trust: 0.3, vendor: "hp", version: "70", }, { model: "vsr1004 comware virtual services router", scope: "eq", trust: 0.3, vendor: "hp", version: "70", }, { model: "vsr1001 virtual services router day evaluation software", scope: "eq", trust: 0.3, vendor: "hp", version: "600", }, { model: "vsr1001 comware virtual services router", scope: "eq", trust: 0.3, vendor: "hp", version: "70", }, { model: "msr4080 router chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "msr4060 router chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "msr4000 taa-compliant mpu-100 main processing unit", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "msr4000 mpu-100 main processing unit", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "msr3064 router", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "msr3044 router", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "msr3024 taa-compliant ac router", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "msr3024 poe router", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "msr3024 dc router", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "msr3024 ac router", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "msr3012 dc router", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "msr3012 ac router", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "msr2004-48 router", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "msr2004-24 ac router", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "msr2003 taa-compliant ac router", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "msr2003 ac router", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "msr1003-8s ac router", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "msr1002-4 ac router", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "hsr6808 router chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "hsr6804 router chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "hsr6802 router chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "hsr6800 rse-x3 router main processing unit", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "hsr6800 rse-x2 router taa-compliant main processing", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "hsr6800 rse-x2 router main processing unit", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "hsr6602-xg taa-compliant router", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "hsr6602-xg router", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "hsr6602-g taa-compliant router", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "hsr6602-g router", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "flexfabric taa-compliant switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "79100", }, { model: "flexfabric switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "79100", }, { model: "flexfabric 7.2tbps taa-compliant fabric/main processing uni", scope: "eq", trust: 0.3, vendor: "hp", version: "79100", }, { model: "flexfabric 7.2tbps fabric main processing unit", scope: "eq", trust: 0.3, vendor: "hp", version: "7910/0", }, { model: "flexfabric 2.4tbps taa-compliant fabric/main processing uni", scope: "eq", trust: 0.3, vendor: "hp", version: "79100", }, { model: "flexfabric 2.4tbps fabric main processing unit", scope: "eq", trust: 0.3, vendor: "hp", version: "7910/0", }, { model: "flexfabric taa-compliant switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "79040", }, { model: "flexfabric switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "79040", }, { model: "flexfabric 4-slot taa-compliant switch", scope: "eq", trust: 0.3, vendor: "hp", version: "59300", }, { model: "flexfabric 4-slot switch", scope: "eq", trust: 0.3, vendor: "hp", version: "59300", }, { model: "flexfabric 32qsfp+ taa-compliant switch", scope: "eq", trust: 0.3, vendor: "hp", version: "59300", }, { model: "flexfabric 32qsfp+ switch", scope: "eq", trust: 0.3, vendor: "hp", version: "59300", }, { model: "flexfabric 2qsfp+ 2-slot taa-compliant switch", scope: "eq", trust: 0.3, vendor: "hp", version: "59300", }, { model: "flexfabric 2qsfp+ 2-slot switch", scope: "eq", trust: 0.3, vendor: "hp", version: "59300", }, { model: "flexfabric 5900cp 48xg 4qsfp+ taa-compliant", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "flexfabric 5700-48g-4xg-2qsfp+ taa-compliant switch", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "flexfabric 5700-48g-4xg-2qsfp+ switch", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "flexfabric 5700-40xg-2qsfp+ taa-compliant switch", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "flexfabric 5700-40xg-2qsfp+ switch", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "flexfabric 5700-32xgt-8xg-2qsfp+ taa-compliant switch", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "flexfabric 5700-32xgt-8xg-2qsfp+ switch", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "flexfabric 12916e switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "flexfabric switch ac chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "129160", }, { model: "flexfabric main processing unit", scope: "eq", trust: 0.3, vendor: "hp", version: "129160", }, { model: "flexfabric taa-compliant switch ac chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "129100", }, { model: "flexfabric taa-compliant main processing unit", scope: "eq", trust: 0.3, vendor: "hp", version: "129100", }, { model: "flexfabric switch ac chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "129100", }, { model: "flexfabric main processing unit", scope: "eq", trust: 0.3, vendor: "hp", version: "129100", }, { model: "flexfabric 12908e switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "flexfabric 12904e switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "flexfabric 12904e main processing unit", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "flexfabric 12900e main processing unit", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "flexfabric switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "11908-v0", }, { model: "flexfabric main processing unit", scope: "eq", trust: 0.3, vendor: "hp", version: "119000", }, { model: "ff 5900cp-48xg-4qsfp+ switch", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "ff 12518e dc switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "ff 12518e ac switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "ff 12508e dc switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "ff 12508e ac switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "ff 12500e mpu", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "a12518 switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "a12508 switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "75100", }, { model: "switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "75060", }, { model: "switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "75030", }, { model: "switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "75020", }, { model: "main processing unit", scope: "eq", trust: 0.3, vendor: "hp", version: "75020", }, { model: "5920af-24xg taa switch", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "5920af-24xg switch", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "5900af-48xgt-4qsfp+ switch", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "5900af-48xg-4qsfp+ taa switch", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "5900af-48xg-4qsfp+ switch", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "5900af-48g-4xg-2qsfp+ switch", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "5900af 48xgt 4qsfp+ taa-compliant switch", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "5900af 48g 4xg 2qsfp+ taa-compliant", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "48g poe+ 4sfp+ hi 1-slot switch", scope: "eq", trust: 0.3, vendor: "hp", version: "55100", }, { model: "48g 4sfp+ hi 1-slot switch", scope: "eq", trust: 0.3, vendor: "hp", version: "55100", }, { model: "24g sfp 4sfp+ hi 1-slot switch", scope: "eq", trust: 0.3, vendor: "hp", version: "55100", }, { model: "24g poe+ 4sfp+ hi 1-slot switch", scope: "eq", trust: 0.3, vendor: "hp", version: "55100", }, { model: "24g 4sfp+ hi 1-slot switch", scope: "eq", trust: 0.3, vendor: "hp", version: "55100", }, { model: "5130-48g-poe+-4sfp+ ei switch", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "5130-48g-poe+-4sfp+ ei brazil switch", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "5130-48g-poe+-2sfp+-2xgt ei switch", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "5130-48g-4sfp+ ei switch", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "5130-48g-4sfp+ ei brazil switch", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "5130-48g-2sfp+-2xgt ei switch", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "5130-24g-sfp-4sfp+ ei switch", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "5130-24g-poe+-4sfp+ ei switch", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "5130-24g-poe+-4sfp+ ei brazil switch", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "5130-24g-poe+-2sfp+-2xgt ei switch", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "5130-24g-4sfp+ ei switch", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "5130-24g-4sfp+ ei brazil switch", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "5130-24g-2sfp+-2xgt ei switch", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "48g poe+ 4sfp+ 1-slot hi switch", scope: "eq", trust: 0.3, vendor: "hp", version: "51300", }, { model: "48g 4sfp+ 1-slot hi switch", scope: "eq", trust: 0.3, vendor: "hp", version: "51300", }, { model: "24g poe+ 4sfp+ 1-slot hi switch", scope: "eq", trust: 0.3, vendor: "hp", version: "51300", }, { model: "24g 4sfp+ 1-slot hi switch", scope: "eq", trust: 0.3, vendor: "hp", version: "51300", }, { model: "1950-48g-2sfp+-2xgt-poe+ switch", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "1950-48g-2sfp+-2xgt switch", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "1950-24g-4xg switch", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "1950-24g-2sfp+-2xgt-poe+ switch", scope: "eq", trust: 0.3, vendor: "hp", version: "0", }, { model: "switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "125180", }, { model: "dc switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "125180", }, { model: "ac switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "125180", }, { model: "switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "125080", }, { model: "dc switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "125080", }, { model: "ac switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "125080", }, { model: "dc switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "125040", }, { model: "ac switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "125040", }, { model: "mpu w/comware os", scope: "eq", trust: 0.3, vendor: "hp", version: "12500v70", }, { model: "main processing unit", scope: "eq", trust: 0.3, vendor: "hp", version: "125000", }, { model: "taa switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "105120", }, { model: "switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "105120", }, { model: "taa switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "10508-v0", }, { model: "switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "10508-v0", }, { model: "taa switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "105080", }, { model: "switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "105080", }, { model: "taa switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "105040", }, { model: "switch chassis", scope: "eq", trust: 0.3, vendor: "hp", version: "105040", }, { model: "type d taa-compliant with comware os main processing un", scope: "eq", trust: 0.3, vendor: "hp", version: "10500v70", }, { model: "type d main processing unit with comware os", scope: "eq", trust: 0.3, vendor: "hp", version: "10500v70", }, { model: "type a mpu w/comware os", scope: "eq", trust: 0.3, vendor: "hp", version: "10500v70", }, { model: "9.3-release-p9", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "9.3-release-p6", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "9.3-release-p5", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "9.3-release-p3", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "9.3-release-p25", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "9.3-release-p24", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "9.3-release-p22", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "9.3-release-p21", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "9.3-release-p2", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "9.3-release-p13", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "9.3-release-p10", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "9.3-release-p1", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "9.3-rc3-p1", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "9.3-rc2-p1", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "9.3-rc2", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "9.3-rc1-p2", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "9.3-rc", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "9.3-prerelease", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "9.3-beta3-p2", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "9.3-beta1-p2", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "9.3-beta1-p1", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "9.3-beta1", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "freebsd", scope: "eq", trust: 0.3, vendor: "freebsd", version: "9.3", }, { model: "10.2-rc2-p1", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "10.2-rc1-p2", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "10.2-rc1-p1", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "10.2-prerelease", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "10.2-beta2-p3", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "10.2-beta2-p2", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "freebsd", scope: "eq", trust: 0.3, vendor: "freebsd", version: "10.2", }, { model: "10.1-stable", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "10.1-releng", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "10.1-release-p9", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "10.1-release-p6", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "10.1-release-p5", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "10.1-release-p19", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "10.1-release-p17", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "10.1-release-p16", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "10.1-release-p1", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "10.1-release", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "10.1-rc4-p1", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "10.1-rc3-p1", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "10.1-rc2-p3", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "10.1-rc2-p1", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "10.1-rc1-p1", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "10.1-prerelease", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "10.1-beta3-p1", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "10.1-beta1-p1", scope: null, trust: 0.3, vendor: "freebsd", version: null, }, { model: "freebsd", scope: "eq", trust: 0.3, vendor: "freebsd", version: "10.1", }, { model: "summit wm3000 series", scope: "eq", trust: 0.3, vendor: "extremenetworks", version: "0", }, { model: "purview appliance", scope: "eq", trust: 0.3, vendor: "extremenetworks", version: "6.4", }, { model: "purview appliance", scope: "eq", trust: 0.3, vendor: "extremenetworks", version: "6.3", }, { model: "netsight appliance", scope: "eq", trust: 0.3, vendor: "extremenetworks", version: "6.3", }, { model: "netsight appliance", scope: "eq", trust: 0.3, vendor: "extremenetworks", version: "6.0", }, { model: "nac appliance", scope: "eq", trust: 0.3, vendor: "extremenetworks", version: "6.3", }, { model: "nac appliance", scope: "eq", trust: 0.3, vendor: "extremenetworks", version: "6.0", }, { model: "extremexos", scope: "eq", trust: 0.3, vendor: "extremenetworks", version: "16.1.2", }, { model: "extremexos", scope: "eq", trust: 0.3, vendor: "extremenetworks", version: "15.7.4", }, { model: "extremexos patch", scope: "eq", trust: 0.3, vendor: "extremenetworks", version: "15.7.38", }, { model: "extremexos patch", scope: "eq", trust: 0.3, vendor: "extremenetworks", version: "15.7.31", }, { model: "extremexos", scope: "eq", trust: 0.3, vendor: "extremenetworks", version: "15.7.2", }, { model: "extremexos", scope: "eq", trust: 0.3, vendor: "extremenetworks", version: "15.7", }, { model: "extremexos", scope: "eq", trust: 0.3, vendor: "extremenetworks", version: "15.6.4", }, { model: "extremexos", scope: "eq", trust: 0.3, vendor: "extremenetworks", version: "16.1", }, { model: "extremexos 15.4.1.3-patch1-10", scope: null, trust: 0.3, vendor: "extremenetworks", version: null, }, { model: "extremexos", scope: "eq", trust: 0.3, vendor: "extremenetworks", version: "15.4.1.0", }, { model: "extremexos", scope: "eq", trust: 0.3, vendor: "extremenetworks", version: "15.3", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "linux s/390", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "linux mips", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "linux ia-64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "linux ia-32", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "ruggedcom rox", scope: "ne", trust: 0.3, vendor: "siemens", version: "2.9.0", }, { model: "automation stratix", scope: "ne", trust: 0.3, vendor: "rockwell", version: "590015.6.3", }, { model: "ntp", scope: "ne", trust: 0.3, vendor: "ntp", version: "4.3.77", }, { model: "4.2.8p4", scope: "ne", trust: 0.3, vendor: "ntp", version: null, }, { model: "qlogic virtual fabric extension module for ibm bladecenter", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.0.3.14.0", }, { model: "qlogic 8gb intelligent pass-thru module and san switch module", scope: "ne", trust: 0.3, vendor: "ibm", version: "7.10.1.37.00", }, { model: "ib6131 gb infiniband switch", scope: "ne", trust: 0.3, vendor: "ibm", version: "83.5.1000", }, { model: "flex system fc3171 8gb san switch and san pass-thru", scope: "ne", trust: 0.3, vendor: "ibm", version: "9.1.7.03.00", }, { model: "flex system en6131 40gb ethernet switch", scope: "ne", trust: 0.3, vendor: "ibm", version: "3.5.1000", }, { model: "9.3-stable", scope: "ne", trust: 0.3, vendor: "freebsd", version: null, }, { model: "9.3-release-p29", scope: "ne", trust: 0.3, vendor: "freebsd", version: null, }, { model: "10.2-stable", scope: "ne", trust: 0.3, vendor: "freebsd", version: null, }, { model: "10.2-release-p6", scope: "ne", trust: 0.3, vendor: "freebsd", version: null, }, { model: "10.1-release-p23", scope: "ne", trust: 0.3, vendor: "freebsd", version: null, }, { model: "purview appliance", scope: "ne", trust: 0.3, vendor: "extremenetworks", version: "7.0.3", }, { model: "netsight appliance", scope: "ne", trust: 0.3, vendor: "extremenetworks", version: "6.4", }, { model: "nac appliance", scope: "ne", trust: 0.3, vendor: "extremenetworks", version: "6.4", }, { model: "extremexos", scope: "ne", trust: 0.3, vendor: "extremenetworks", version: "21.1.1", }, { model: "extremexos", scope: "ne", trust: 0.3, vendor: "extremenetworks", version: "16.2", }, ], sources: [ { db: "BID", id: "77283", }, { db: "JVNDB", id: "JVNDB-2015-007707", }, { db: "CNNVD", id: "CNNVD-201510-575", }, { db: "NVD", id: "CVE-2015-7855", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "John D \"Doug\" Birdwell of IDA.org.", sources: [ { db: "BID", id: "77283", }, ], trust: 0.3, }, cve: "CVE-2015-7855", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", exploitabilityScore: 8, id: "CVE-2015-7855", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 1.9, vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.8, id: "CVE-2015-7855", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 6.5, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2015-7855", impactScore: null, integrityImpact: "None", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2015-7855", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "CVE-2015-7855", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-201510-575", trust: 0.6, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2015-7855", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2015-7855", }, { db: "JVNDB", id: "JVNDB-2015-007707", }, { db: "CNNVD", id: "CNNVD-201510-575", }, { db: "NVD", id: "CVE-2015-7855", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value. NTP Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. Network Time Protocol is prone to a denial-of-service vulnerability. \nA remote attacker may exploit this issue to cause a denial-of-service condition, denying service to legitimate users. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201607-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: NTP: Multiple vulnerabilities\n Date: July 20, 2016\n Bugs: #563774, #572452, #581528, #584954\n ID: 201607-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in NTP, the worst of which\ncould lead to Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/ntp < 4.2.8_p8 >= 4.2.8_p8\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in NTP. Please review the\nCVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll NTP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/ntp-4.2.8_p8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-7691\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691\n[ 2 ] CVE-2015-7692\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692\n[ 3 ] CVE-2015-7701\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701\n[ 4 ] CVE-2015-7702\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702\n[ 5 ] CVE-2015-7703\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703\n[ 6 ] CVE-2015-7704\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704\n[ 7 ] CVE-2015-7705\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705\n[ 8 ] CVE-2015-7848\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848\n[ 9 ] CVE-2015-7849\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849\n[ 10 ] CVE-2015-7850\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850\n[ 11 ] CVE-2015-7851\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851\n[ 12 ] CVE-2015-7852\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852\n[ 13 ] CVE-2015-7853\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853\n[ 14 ] CVE-2015-7854\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854\n[ 15 ] CVE-2015-7855\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855\n[ 16 ] CVE-2015-7871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871\n[ 17 ] CVE-2015-7973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973\n[ 18 ] CVE-2015-7974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974\n[ 19 ] CVE-2015-7975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975\n[ 20 ] CVE-2015-7976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976\n[ 21 ] CVE-2015-7977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977\n[ 22 ] CVE-2015-7978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978\n[ 23 ] CVE-2015-7979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979\n[ 24 ] CVE-2015-8138\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138\n[ 25 ] CVE-2015-8139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139\n[ 26 ] CVE-2015-8140\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140\n[ 27 ] CVE-2015-8158\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158\n[ 28 ] CVE-2016-1547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547\n[ 29 ] CVE-2016-1548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548\n[ 30 ] CVE-2016-1549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549\n[ 31 ] CVE-2016-1550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550\n[ 32 ] CVE-2016-1551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551\n[ 33 ] CVE-2016-2516\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516\n[ 34 ] CVE-2016-2517\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517\n[ 35 ] CVE-2016-2518\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518\n[ 36 ] CVE-2016-2519\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519\n[ 37 ] CVE-2016-4953\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953\n[ 38 ] CVE-2016-4954\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954\n[ 39 ] CVE-2016-4955\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955\n[ 40 ] CVE-2016-4956\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956\n[ 41 ] CVE-2016-4957\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201607-15\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. \n\nRelease Date: 2016-09-21\nLast Updated: 2016-09-21\n\nPotential Security Impact: Multiple Remote Vulnerabilities\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities in NTP have been addressed with HPE\nComware 7 (CW7) network products. \n\nReferences:\n\n - CVE-2015-7704\n - CVE-2015-7705\n - CVE-2015-7855\n - CVE-2015-7871\n - PSRT110228\n - SSRT102943\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n - Comware 7 (CW7) Products - Please refer to the RESOLUTION\n below for a list of impacted products. All product versions are impacted\nprior to the fixed versions listed. \n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2015-7704\n 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\n 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)\n\n CVE-2015-7705\n 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\n 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)\n\n CVE-2015-7855\n 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\n 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)\n\n CVE-2015-7871\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\n 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\nHPE has released the following software updates to resolve the\nvulnerabilities in HPE Comware 7 network products. \n\n**COMWARE 7 Products**\n\n + **12500 (Comware 7) - Version: R7377**\n * HP Network Products\n - JC072B HP 12500 Main Processing Unit\n - JC085A HP A12518 Switch Chassis\n - JC086A HP A12508 Switch Chassis\n - JC652A HP 12508 DC Switch Chassis\n - JC653A HP 12518 DC Switch Chassis\n - JC654A HP 12504 AC Switch Chassis\n - JC655A HP 12504 DC Switch Chassis\n - JF430A HP A12518 Switch Chassis\n - JF430B HP 12518 Switch Chassis\n - JF430C HP 12518 AC Switch Chassis\n - JF431A HP A12508 Switch Chassis\n - JF431B HP 12508 Switch Chassis\n - JF431C HP 12508 AC Switch Chassis\n - JG497A HP 12500 MPU w/Comware V7 OS\n - JG782A HP FF 12508E AC Switch Chassis\n - JG783A HP FF 12508E DC Switch Chassis\n - JG784A HP FF 12518E AC Switch Chassis\n - JG785A HP FF 12518E DC Switch Chassis\n - JG802A HP FF 12500E MPU\n + **10500 (Comware 7) - Version: R7178**\n * HP Network Products\n - JC611A HP 10508-V Switch Chassis\n - JC612A HP 10508 Switch Chassis\n - JC613A HP 10504 Switch Chassis\n - JC748A HP 10512 Switch Chassis\n - JG608A HP FlexFabric 11908-V Switch Chassis\n - JG609A HP FlexFabric 11900 Main Processing Unit\n - JG820A HP 10504 TAA Switch Chassis\n - JG821A HP 10508 TAA Switch Chassis\n - JG822A HP 10508-V TAA Switch Chassis\n - JG823A HP 10512 TAA Switch Chassis\n - JG496A HP 10500 Type A MPU w/Comware v7 OS\n - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n + **12900 (Comware 7) - Version: R1138P03**\n * HP Network Products\n - JG619A HP FlexFabric 12910 Switch AC Chassis\n - JG621A HP FlexFabric 12910 Main Processing Unit\n - JG632A HP FlexFabric 12916 Switch AC Chassis\n - JG634A HP FlexFabric 12916 Main Processing Unit\n - JH104A HP FlexFabric 12900E Main Processing Unit\n - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n - JH263A HP FlexFabric 12904E Main Processing Unit\n - JH255A HP FlexFabric 12908E Switch Chassis\n - JH262A HP FlexFabric 12904E Switch Chassis\n - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n - JH103A HP FlexFabric 12916E Switch Chassis\n + **5900 (Comware 7) - Version: R2422P02**\n * HP Network Products\n - JC772A HP 5900AF-48XG-4QSFP+ Switch\n - JG296A HP 5920AF-24XG Switch\n - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n - JG555A HP 5920AF-24XG TAA Switch\n - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n + **MSR1000 (Comware 7) - Version: R0305P08**\n * HP Network Products\n - JG875A HP MSR1002-4 AC Router\n - JH060A HP MSR1003-8S AC Router\n + **MSR2000 (Comware 7) - Version: R0305P08**\n * HP Network Products\n - JG411A HP MSR2003 AC Router\n - JG734A HP MSR2004-24 AC Router\n - JG735A HP MSR2004-48 Router\n - JG866A HP MSR2003 TAA-compliant AC Router\n + **MSR3000 (Comware 7) - Version: R0305P08**\n * HP Network Products\n - JG404A HP MSR3064 Router\n - JG405A HP MSR3044 Router\n - JG406A HP MSR3024 AC Router\n - JG407A HP MSR3024 DC Router\n - JG408A HP MSR3024 PoE Router\n - JG409A HP MSR3012 AC Router\n - JG410A HP MSR3012 DC Router\n - JG861A HP MSR3024 TAA-compliant AC Router\n + **MSR4000 (Comware 7) - Version: R0305P08**\n * HP Network Products\n - JG402A HP MSR4080 Router Chassis\n - JG403A HP MSR4060 Router Chassis\n - JG412A HP MSR4000 MPU-100 Main Processing Unit\n - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n + **VSR (Comware 7) - Version: E0322**\n * HP Network Products\n - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n + **7900 (Comware 7) - Version: R2138P03**\n * HP Network Products\n - JG682A HP FlexFabric 7904 Switch Chassis\n - JG841A HP FlexFabric 7910 Switch Chassis\n - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n + **5130 (Comware 7) - Version: R3111P03**\n * HP Network Products\n - JG932A HP 5130-24G-4SFP+ EI Switch\n - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n - JG934A HP 5130-48G-4SFP+ EI Switch\n - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n + **5700 (Comware 7) - Version: R2422P02**\n * HP Network Products\n - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n + **5930 (Comware 7) - Version: R2422P02**\n * HP Network Products\n - JG726A HP FlexFabric 5930 32QSFP+ Switch\n - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n - JH179A HP FlexFabric 5930 4-slot Switch\n - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n + **HSR6600 (Comware 7) - Version: R7103P07**\n * HP Network Products\n - JG353A HP HSR6602-G Router\n - JG354A HP HSR6602-XG Router\n - JG776A HP HSR6602-G TAA-compliant Router\n - JG777A HP HSR6602-XG TAA-compliant Router\n + **HSR6800 (Comware 7) - Version: R7103P07**\n * HP Network Products\n - JG361A HP HSR6802 Router Chassis\n - JG361B HP HSR6802 Router Chassis\n - JG362A HP HSR6804 Router Chassis\n - JG362B HP HSR6804 Router Chassis\n - JG363A HP HSR6808 Router Chassis\n - JG363B HP HSR6808 Router Chassis\n - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing\n - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit\n + **1950 (Comware 7) - Version: R3111P03**\n * HP Network Products\n - JG960A HP 1950-24G-4XG Switch\n - JG961A HP 1950-48G-2SFP+-2XGT Switch\n - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n + **7500 (Comware 7) - Version: R7178**\n * HP Network Products\n - JD238C HP 7510 Switch Chassis\n - JD239C HP 7506 Switch Chassis\n - JD240C HP 7503 Switch Chassis\n - JD242C HP 7502 Switch Chassis\n - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n - JH208A HP 7502 Main Processing Unit\n - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n + **5130HI - Version: R1118P02**\n * HP Network Products\n - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n + **5510HI - Version: R1118P02**\n * HP Network Products\n - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n\n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 21 September 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer's patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=============================================================================\nFreeBSD-SA-15:25.ntp Security Advisory\n The FreeBSD Project\n\nTopic: Multiple vulnerabilities of ntp\n\nCategory: contrib\nModule: ntp\nAnnounced: 2015-10-26\nCredits: Network Time Foundation\nAffects: All supported versions of FreeBSD. \nCorrected: 2015-10-26 11:35:40 UTC (stable/10, 10.2-STABLE)\n 2015-10-26 11:36:55 UTC (releng/10.2, 10.2-RELEASE-p6)\n 2015-10-26 11:37:31 UTC (releng/10.1, 10.1-RELEASE-p23)\n 2015-10-26 11:36:40 UTC (stable/9, 9.3-STABLE)\n 2015-10-26 11:42:25 UTC (releng/9.3, 9.3-RELEASE-p29)\nCVE Name: CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704,\n CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851,\n CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855,\n CVE-2015-7871\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit https://security.FreeBSD.org/. \n\nI. \n\nII. Problem Description\n\nCrypto-NAK packets can be used to cause ntpd(8) to accept time from an\nunauthenticated ephemeral symmetric peer by bypassing the authentication\nrequired to mobilize peer associations. [CVE-2015-7871] FreeBSD 9.3 and\n10.1 are not affected. [CVE-2015-7855]\n\nIf ntpd(8) is configured to allow remote configuration, and if the\n(possibly spoofed) source IP address is allowed to send remote\nconfiguration requests, and if the attacker knows the remote\nconfiguration password or if ntpd(8) was configured to disable\nauthentication, then an attacker can send a set of packets to ntpd(8) that\nmay cause it to crash, with the hypothetical possibility of a small code\ninjection. [CVE-2015-7854]\n\nA negative value for the datalen parameter will overflow a data buffer. \nNTF's ntpd(8) driver implementations always set this value to 0 and are\ntherefore not vulnerable to this weakness. If you are running a custom\nrefclock driver in ntpd(8) and that driver supplies a negative value for\ndatalen (no custom driver of even minimal competence would do this)\nthen ntpd would overflow a data buffer. It is even hypothetically\npossible in this case that instead of simply crashing ntpd the\nattacker could effect a code injection attack. [CVE-2015-7853]\n\nIf an attacker can figure out the precise moment that ntpq(8) is listening\nfor data and the port number it is listening on or if the attacker can\nprovide a malicious instance ntpd(8) that victims will connect to then an\nattacker can send a set of crafted mode 6 response packets that, if\nreceived by ntpq(8), can cause ntpq(8) to crash. [CVE-2015-7852]\n\nIf ntpd(8) is configured to allow remote configuration, and if the\n(possibly spoofed) IP address is allowed to send remote configuration\nrequests, and if the attacker knows the remote configuration password\nor if ntpd(8) was configured to disable authentication, then an attacker\ncan send a set of packets to ntpd that may cause ntpd(8) to overwrite\nfiles. [CVE-2015-7851]. The default configuration of ntpd(8) within\nFreeBSD does not allow remote configuration. \n\nIf ntpd(8) is configured to allow remote configuration, and if the\n(possibly spoofed) source IP address is allowed to send remote\nconfiguration requests, and if the attacker knows the remote\nconfiguration password or if ntpd(8) was configured to disable\nauthentication, then an attacker can send a set of packets to ntpd\nthat will cause it to crash and/or create a potentially huge log\nfile. Specifically, the attacker could enable extended logging,\npoint the key file at the log file, and cause what amounts to an\ninfinite loop. [CVE-2015-7850]. The default configuration of ntpd(8)\nwithin FreeBSD does not allow remote configuration. \n\nIf ntpd(8) is configured to allow remote configuration, and if the\n(possibly spoofed) source IP address is allowed to send remote\nconfiguration requests, and if the attacker knows the remote\nconfiguration password or if ntpd was configured to disable\nauthentication, then an attacker can send a set of packets to\nntpd that may cause a crash or theoretically perform a code\ninjection attack. [CVE-2015-7849]. The default configuration of ntpd(8)\nwithin FreeBSD does not allow remote configuration. \n\nIf ntpd(8) is configured to enable mode 7 packets, and if the use\nof mode 7 packets is not properly protected thru the use of the\navailable mode 7 authentication and restriction mechanisms, and\nif the (possibly spoofed) source IP address is allowed to send\nmode 7 queries, then an attacker can send a crafted packet to\nntpd that will cause it to crash. [CVE-2015-7848]. The default\nconfiguration of ntpd(8) within FreeBSD does not allow mode 7\npackets. \n\nIf ntpd(8) is configured to use autokey, then an attacker can send\npackets to ntpd that will, after several days of ongoing attack,\ncause it to run out of memory. [CVE-2015-7701]. The default\nconfiguration of ntpd(8) within FreeBSD does not use autokey. \n\nIf ntpd(8) is configured to allow for remote configuration, and if\nthe (possibly spoofed) source IP address is allowed to send\nremote configuration requests, and if the attacker knows the\nremote configuration password, it's possible for an attacker\nto use the \"pidfile\" or \"driftfile\" directives to potentially\noverwrite other files. [CVE-2015-5196]. The default configuration\nof ntpd(8) within FreeBSD does not allow remote configuration\n\nAn ntpd(8) client that honors Kiss-of-Death responses will honor\nKoD messages that have been forged by an attacker, causing it\nto delay or stop querying its servers for time updates. Also,\nan attacker can forge packets that claim to be from the target\nand send them to servers often enough that a server that\nimplements KoD rate limiting will send the target machine a\nKoD response to attempt to reduce the rate of incoming packets,\nor it may also trigger a firewall block at the server for\npackets from the target machine. For either of these attacks\nto succeed, the attacker must know what servers the target\nis communicating with. An attacker can be anywhere on the\nInternet and can frequently learn the identity of the target's\ntime source by sending the target a time query. [CVE-2015-7704]\n\nThe fix for CVE-2014-9750 was incomplete in that there were\ncertain code paths where a packet with particular autokey\noperations that contained malicious data was not always being\ncompletely validated. Receipt of these packets can cause ntpd\nto crash. [CVE-2015-7702]. The default configuration of ntpd(8)\nwithin FreeBSD does not use autokey. \n\nIII. Impact\n\nAn attacker which can send NTP packets to ntpd(8), which uses cryptographic\nauthentication of NTP data, may be able to inject malicious time data\ncausing the system clock to be set incorrectly. [CVE-2015-7871]\n\nAn attacker which can send NTP packets to ntpd(8), can block the\ncommunication of the daemon with time servers, causing the system\nclock not being synchronized. [CVE-2015-7704]\n\nAn attacker which can send NTP packets to ntpd(8), can remotely crash\nthe daemon, sending malicious data packet. [CVE-2015-7855] [CVE-2015-7854]\n[CVE-2015-7853] [CVE-2015-7852] [CVE-2015-7849] [CVE-2015-7848]\n\nAn attacker which can send NTP packets to ntpd(8), can remotely\ntrigger the daemon to overwrite its configuration files. [CVE-2015-7851]\n[CVE-2015-5196]\n\nIV. Workaround\n\nNo workaround is available, but systems not running ntpd(8) are not\naffected. Network administrators are advised to implement BCP-38,\nwhich helps to reduce risk associated with the attacks. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\nThe ntpd service has to be restarted after the update. A reboot is\nrecommended but not required. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nThe ntpd service has to be restarted after the update. A reboot is\nrecommended but not required. \n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.2]\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.bz2\n# bunzip2 ntp-102.patch.bz2\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-102.patch.asc\n# gpg --verify ntp-102.patch.asc\n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.bz2\n# bunzip2 ntp-101.patch.bz2\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-101.patch.asc\n# gpg --verify ntp-101.patch.asc\n\n[FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.bz2\n# bunzip2 ntp-93.patch.bz2\n# fetch https://security.FreeBSD.org/patches/SA-15:25/ntp-93.patch.asc\n# gpg --verify ntp-93.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch < /path/to/patch\n# find contrib/ntp -type f -empty -delete\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in https://www.FreeBSD.org/handbook/makeworld.html. \n\nd) For 9.3-RELEASE and 10.1-RELEASE an update to /etc/ntp.conf is recommended,\nwhich can be done with help of the mergemaster(8) tool on 9.3-RELEASE and\nwith help of the etcupdate(8) tool on 10.1-RELEASE. \n\nRestart the ntpd(8) daemon, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/9/ r289998\nreleng/9.3/ r290001\nstable/10/ r289997\nreleng/10.1/ r290000\nreleng/10.2/ r289999\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\nhttps://svnweb.freebsd.org/base?view=revision&revision=NNNNNN\n\nVII. References\n\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871\n\nThe latest revision of this advisory is available at\nhttps://security.FreeBSD.org/advisories/FreeBSD-SA-15:25.ntp.asc\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIcBAEBAgAGBQJWLhOJAAoJEO1n7NZdz2rn91wP/2GwEt1boNQq2a7nYzv/mS5D\nsYKkIi7o+2yr2BLXvtc3O7c9QC3/YeGsza9DTRqndcY572SWvRgtkFstMTTm8IV/\nRVlIE40gVR3tex0zo7BiD7uKUrxWxWcpwMbE5dzlE+vSybyyj0dSSkwUHJjrbJoA\nRmyNuEEUhQn5sRCg6qJv/PLp2G7BcYAasKScukjm7QnLP2kq/tvM9mcqwfh2tadM\n7kbf8uq+ykvsRzctaDnxQaB5+zJxBQYJjBelxQfIkNek0XGfdj3sRwISeFznbllq\nmOLTIBaFiuEtHtusO7MKKavMgS5CQJOvuuvd/l3NY1MnxC6X/1SWig9KIKDIn/hv\nq8dsnq7LLx+tO6Cv4Dub7EbC2ZP3xXGOC4Ie02z8bTZnbX7iwyPUidQQqtU9ra15\nrxzFcZnBxu+yyMNJVsV2qVV/r9OycgKxWlEELC1wYrK9fKfvLdA5aEGjDeU1Z+s6\nJS2zKr0t4F2bMrCsjYP1lQD8sHkCVjwJk+IJU/slcwSajDjBNlMH0yBxGYE1ETIZ\nqMF7/PAkLe8V78pdYmXw9pcaPyhI+ihPLnNrdhX8AI2RX5jDK7IuUNJeUM04UrVB\n8N+mMwgamcuCPWNNyXaL0bz21fexZOuhHmU+B8Yn3SFX5O5b/r9gGvrjo8ei8jOk\nEUlBT3ViDhHNrI7PTaiI\n=djPm\n-----END PGP SIGNATURE-----\n. ============================================================================\nUbuntu Security Notice USN-2783-1\nOctober 27, 2015\n\nntp vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in NTP. (CVE-2015-5146)\n\nMiroslav Lichvar discovered that NTP incorrectly handled logconfig\ndirectives. (CVE-2015-5194)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain statistics\ntypes. (CVE-2015-5195)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain file\npaths. (CVE-2015-5196, CVE-2015-7703)\n\nMiroslav Lichvar discovered that NTP incorrectly handled certain packets. (CVE-2015-5219)\n\nAanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP\nincorrectly handled restarting after hitting a panic threshold. \n(CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)\n\nIt was discovered that NTP incorrectly handled memory when processing\ncertain autokey messages. \n(CVE-2015-7701)\n\nAanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP\nincorrectly handled rate limiting. (CVE-2015-7704,\nCVE-2015-7705)\n\nYves Younan discovered that NTP incorrectly handled logfile and keyfile\ndirectives. (CVE-2015-7850)\n\nYves Younan and Aleksander Nikolich discovered that NTP incorrectly handled\nascii conversion. (CVE-2015-7852)\n\nYves Younan discovered that NTP incorrectly handled reference clock memory. \nA malicious refclock could possibly use this issue to cause NTP to crash,\nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2015-7853)\n\nJohn D \"Doug\" Birdwell discovered that NTP incorrectly handled decoding\ncertain bogus values. (CVE-2015-7855)\n\nStephen Gray discovered that NTP incorrectly handled symmetric association\nauthentication. (CVE-2015-7871)\n\nIn the default installation, attackers would be isolated by the NTP\nAppArmor profile. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n ntp 1:4.2.6.p5+dfsg-3ubuntu8.1\n\nUbuntu 15.04:\n ntp 1:4.2.6.p5+dfsg-3ubuntu6.2\n\nUbuntu 14.04 LTS:\n ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5\n\nUbuntu 12.04 LTS:\n ntp 1:4.2.6.p3+dfsg-1ubuntu3.6\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2783-1\n CVE-2015-5146, CVE-2015-5194, CVE-2015-5195, CVE-2015-5196,\n CVE-2015-5219, CVE-2015-5300, CVE-2015-7691, CVE-2015-7692,\n CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704,\n CVE-2015-7705, CVE-2015-7850, CVE-2015-7852, CVE-2015-7853,\n CVE-2015-7855, CVE-2015-7871\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu8.1\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu6.2\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.5\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.6\n. \n\nOn October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time. \n\nWorkarounds that mitigate one or more of the vulnerabilities may be available for certain products, please see the individual Cisco Bug IDs for details. \n\nCVE-2015-5194\n\n It was found that ntpd could crash due to an uninitialized\n variable when processing malformed logconfig configuration\n commands. \n\nCVE-2015-5195\n\n It was found that ntpd exits with a segmentation fault when a\n statistics type that was not enabled during compilation (e.g. \n timingstats) is referenced by the statistics or filegen\n configuration command\n\nCVE-2015-5219\n\n It was discovered that sntp program would hang in an infinite loop\n when a crafted NTP packet was received, related to the conversion\n of the precision value in the packet to double. \n\nCVE-2015-5300\n\n It was found that ntpd did not correctly implement the -g option:\n\n Normally, ntpd exits with a message to the system log if the offset\n exceeds the panic threshold, which is 1000 s by default. This\n option allows the time to be set to any value without restriction;\n however, this can happen only once. If the threshold is exceeded\n after that, ntpd will exit with a message to the system log. This\n option can be used with the -q and -x options. \n\n ntpd could actually step the clock multiple times by more than the\n panic threshold if its clock discipline doesn't have enough time to\n reach the sync state and stay there for at least one update. If a\n man-in-the-middle attacker can control the NTP traffic since ntpd\n was started (or maybe up to 15-30 minutes after that), they can\n prevent the client from reaching the sync state and force it to step\n its clock by any amount any number of times, which can be used by\n attackers to expire certificates, etc. \n\n This is contrary to what the documentation says. Normally, the\n assumption is that an MITM attacker can step the clock more than the\n panic threshold only once when ntpd starts and to make a larger\n adjustment the attacker has to divide it into multiple smaller\n steps, each taking 15 minutes, which is slow. \n\nCVE-2015-7701\n\n A memory leak flaw was found in ntpd's CRYPTO_ASSOC. \n\nCVE-2015-7703\n\n Miroslav Lichvar of Red Hat found that the :config command can be\n used to set the pidfile and driftfile paths without any\n restrictions. A remote attacker could use this flaw to overwrite a\n file on the file system with a file containing the pid of the ntpd\n process (immediately) or the current estimated drift of the system\n clock (in hourly intervals). For example:\n\n ntpq -c ':config pidfile /tmp/ntp.pid'\n ntpq -c ':config driftfile /tmp/ntp.drift'\n\n In Debian ntpd is configured to drop root privileges, which limits\n the impact of this issue. \n\nCVE-2015-7704\n\n If ntpd as an NTP client receives a Kiss-of-Death (KoD) packet\n from the server to reduce its polling rate, it doesn't check if the\n originate timestamp in the reply matches the transmit timestamp from\n its request. An off-path attacker can send a crafted KoD packet to\n the client, which will increase the client's polling interval to a\n large value and effectively disable synchronization with the server. A\n specially crafted configuration file could cause an endless loop\n resulting in a denial of service. \n\nCVE-2015-7852\n\n A potential off by one vulnerability exists in the cookedprint\n functionality of ntpq. A specially crafted buffer could cause a\n buffer overflow potentially resulting in null byte being written out\n of bounds. \n\nCVE-2015-7871\n\n An error handling logic error exists within ntpd that manifests due\n to improper error condition handling associated with certain\n crypto-NAK packets. An unauthenticated, off-path attacker can force\n ntpd processes on targeted servers to peer with time sources of the\n attacker's choosing by transmitting symmetric active crypto-NAK\n packets to ntpd. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1:4.2.6.p5+dfsg-2+deb7u6. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-7+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1:4.2.8p4+dfsg-3. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:4.2.8p4+dfsg-3. \n\nWe recommend that you upgrade your ntp packages. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz: Upgraded. \n In addition to bug fixes and enhancements, this release fixes\n several low and medium severity vulnerabilities. \n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9750\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5196\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p4-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p4-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p4-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p4-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p4-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p4-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p4-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p4-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p4-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\n21dd14178fea17a88c9326c8672ecefd ntp-4.2.8p4-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n8647479b2007b92ff8598184f2275263 ntp-4.2.8p4-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\ne0f122e8e271dc84db06202c03cc0288 ntp-4.2.8p4-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\ndb0aff04b72b3d8c96ca8c8e1ed36c05 ntp-4.2.8p4-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n5914e43e886e5ff88fefd30083493e30 ntp-4.2.8p4-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n4335c3bf2ae24afc5ad734e8d80b3e94 ntp-4.2.8p4-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n39b05698797b638b67130e0b170e0a4b ntp-4.2.8p4-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\ndcf4a56ba1d013ee1c9d0e624e158709 ntp-4.2.8p4-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n1fd3a7beaf23303e2c211af377662614 ntp-4.2.8p4-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n438c3185aa8ec20d1c2b5e51786e4d41 ntp-4.2.8p4-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n81bfb2fed450cb26a51b5e1cee0d33ed n/ntp-4.2.8p4-i586-1.txz\n\nSlackware x86_64 -current package:\n8bae4ad633af40d4d54b7686e4b225f9 n/ntp-4.2.8p4-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg ntp-4.2.8p4-i486-1_slack14.1.txz\n\nThen, restart the NTP daemon:\n\n# sh /etc/rc.d/rc.ntpd restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address", sources: [ { db: "NVD", id: "CVE-2015-7855", }, { db: "JVNDB", id: "JVNDB-2015-007707", }, { db: "BID", id: "77283", }, { db: "VULMON", id: "CVE-2015-7855", }, { db: "PACKETSTORM", id: "137992", }, { db: "PACKETSTORM", id: "138803", }, { db: "PACKETSTORM", id: "134082", }, { db: "PACKETSTORM", id: "134102", }, { db: "PACKETSTORM", id: "134034", }, { db: "PACKETSTORM", id: "134162", }, { db: "PACKETSTORM", id: "134137", }, ], trust: 2.61, }, exploit_availability: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { reference: "https://vulmon.com/exploitdetails?qidtp=exploitdb&qid=40840", trust: 0.1, type: "exploit", }, ], sources: [ { db: "VULMON", id: "CVE-2015-7855", }, ], }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2015-7855", trust: 3.5, }, { db: "BID", id: "77283", trust: 2, }, { db: "SECTRACK", id: "1033951", trust: 1.7, }, { db: "SIEMENS", id: "SSA-497656", trust: 1.7, }, { db: "ICS CERT", id: "ICSA-21-103-11", trust: 1.7, }, { db: "EXPLOIT-DB", id: "40840", trust: 1.7, }, { db: "JVN", id: "JVNVU96269392", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2015-007707", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201510-575", trust: 0.6, }, { db: "JUNIPER", id: "JSA10711", trust: 0.3, }, { db: "ICS CERT", id: "ICSA-17-094-04", trust: 0.3, }, { db: "ICS CERT", id: "ICSA-15-356-01", trust: 0.1, }, { db: "VULMON", id: "CVE-2015-7855", trust: 0.1, }, { db: "PACKETSTORM", id: "137992", trust: 0.1, }, { db: "PACKETSTORM", id: "138803", trust: 0.1, }, { db: "PACKETSTORM", id: "134082", trust: 0.1, }, { db: "PACKETSTORM", id: "134102", trust: 0.1, }, { db: "PACKETSTORM", id: "134034", trust: 0.1, }, { db: "PACKETSTORM", id: "134162", trust: 0.1, }, { db: "PACKETSTORM", id: "134137", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2015-7855", }, { db: "BID", id: "77283", }, { db: "JVNDB", id: "JVNDB-2015-007707", }, { db: "PACKETSTORM", id: "137992", }, { db: "PACKETSTORM", id: "138803", }, { db: "PACKETSTORM", id: "134082", }, { db: "PACKETSTORM", id: "134102", }, { db: "PACKETSTORM", id: "134034", }, { db: "PACKETSTORM", id: "134162", }, { db: "PACKETSTORM", id: "134137", }, { db: "CNNVD", id: "CNNVD-201510-575", }, { db: "NVD", id: "CVE-2015-7855", }, ], }, id: "VAR-201708-0038", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.20833333, }, last_update_date: "2024-11-29T20:57:57.600000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Bug 1274264", trust: 0.8, url: "http://support.ntp.org/bin/view/Main/NtpBug2922", }, { title: "NTP Remediation measures for denial of service vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119785", }, { title: "Red Hat: CVE-2015-7855", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-7855", }, { title: "Ubuntu Security Notice: ntp vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2783-1", }, { title: "Siemens Security Advisories: Siemens Security Advisory", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=e70fe4cd19746222a97e5da53d3d2b2a", }, { title: "Debian Security Advisories: DSA-3388-1 ntp -- security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=61fe4252a877d02aaea1c931efa0a305", }, { title: "Symantec Security Advisories: SA103 : October 2015 NTP Security Vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=f5e05389a60d3a56f2a0ad0ec21579d9", }, { title: "Cisco: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20151021-ntp", }, { title: "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=eb439566c9130adc92d21bc093204cf8", }, { title: "afl-cve", trust: 0.1, url: "https://github.com/mrash/afl-cve ", }, ], sources: [ { db: "VULMON", id: "CVE-2015-7855", }, { db: "JVNDB", id: "JVNDB-2015-007707", }, { db: "CNNVD", id: "CNNVD-201510-575", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-20", trust: 1, }, { problemtype: "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2015-007707", }, { db: "NVD", id: "CVE-2015-7855", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://bugzilla.redhat.com/show_bug.cgi?id=1274264", }, { trust: 1.8, url: "https://security.gentoo.org/glsa/201607-15", }, { trust: 1.8, url: "https://www.exploit-db.com/exploits/40840/", }, { trust: 1.7, url: "http://www.securityfocus.com/bid/77283", }, { trust: 1.7, url: "http://support.ntp.org/bin/view/main/ntpbug2922", }, { trust: 1.7, url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05270839", }, { trust: 1.7, url: "http://www.securitytracker.com/id/1033951", }, { trust: 1.7, url: "http://www.debian.org/security/2015/dsa-3388", }, { trust: 1.7, url: "https://security.netapp.com/advisory/ntap-20171004-0001/", }, { trust: 1.7, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf", }, { trust: 1.7, url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11", }, { trust: 1.5, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7855", }, { trust: 0.8, url: "https://jvn.jp/vu/jvnvu96269392/index.html", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7871", }, { trust: 0.7, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7704", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7702", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7852", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7701", }, { trust: 0.6, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7850", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7705", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7703", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7691", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7853", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7692", }, { trust: 0.4, url: "http://support.ntp.org/bin/view/main/securitynotice#recent_vulnerabilities", }, { trust: 0.4, url: "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151021-ntp", }, { trust: 0.4, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05270839", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7848", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7849", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7854", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7851", }, { trust: 0.3, url: "https://github.com/ntp-project/ntp/blob/stable/news#l295", }, { trust: 0.3, url: "http://www.ntp.org", }, { trust: 0.3, url: "http://kb.juniper.net/infocenter/index?page=content&id=jsa10711", }, { trust: 0.3, url: "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04", }, { trust: 0.3, url: "http://learn.extremenetworks.com/rs/641-vmv-602/images/vn-2015-009_multiple_ntp_vulnerabilities.pdf", }, { trust: 0.3, url: "http://seclists.org/bugtraq/2015/oct/113", }, { trust: 0.3, url: "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005779", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099260", }, { trust: 0.3, url: "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099225", }, { trust: 0.2, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7702", }, { trust: 0.2, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7851", }, { trust: 0.2, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7701", }, { trust: 0.2, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7855", }, { trust: 0.2, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7704", }, { trust: 0.2, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7852", }, { trust: 0.2, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7850", }, { trust: 0.2, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7854", }, { trust: 0.2, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7849", }, { trust: 0.2, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7853", }, { trust: 0.2, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7871", }, { trust: 0.2, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7848", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5219", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5300", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5194", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5146", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5195", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5196", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9750", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/20.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "http://tools.cisco.com/security/center/viewalert.x?alertid=41659", }, { trust: 0.1, url: "https://ics-cert.us-cert.gov/advisories/icsa-15-356-01", }, { trust: 0.1, url: "https://usn.ubuntu.com/2783-1/", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7702", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1549", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7849", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7852", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7978", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-8140", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7978", }, { trust: 0.1, url: "https://security.gentoo.org/", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1551", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2516", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7975", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7973", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7979", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-8138", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-8139", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8158", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4954", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4956", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7973", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7853", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7704", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8140", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7974", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7691", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8139", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4957", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7703", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7855", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4955", }, { trust: 0.1, url: "http://creativecommons.org/licenses/by-sa/2.5", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7705", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2517", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1548", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1547", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-8158", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7854", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2016-1547", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2519", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2518", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7851", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7871", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7977", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7848", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7977", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1550", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7850", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7701", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7692", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8138", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7979", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7974", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4953", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7975", }, { trust: 0.1, url: "https://bugs.gentoo.org.", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7976", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7976", }, { trust: 0.1, url: "http://www.hpe.com/support/security_bulletin_archive", }, { trust: 0.1, url: "https://www.hpe.com/info/report-security-vulnerability", }, { trust: 0.1, url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499", }, { trust: 0.1, url: "http://www.hpe.com/support/subscriber_choice", }, { trust: 0.1, url: "https://security.freebsd.org/patches/sa-15:25/ntp-93.patch.asc", }, { trust: 0.1, url: "https://security.freebsd.org/advisories/freebsd-sa-15:25.ntp.asc", }, { trust: 0.1, url: "https://www.freebsd.org/handbook/makeworld.html.", }, { trust: 0.1, url: "https://security.freebsd.org/patches/sa-15:25/ntp-102.patch.asc", }, { trust: 0.1, url: "https://security.freebsd.org/.", }, { trust: 0.1, url: "https://svnweb.freebsd.org/base?view=revision&revision=nnnnnn", }, { trust: 0.1, url: "https://security.freebsd.org/patches/sa-15:25/ntp-93.patch.bz2", }, { trust: 0.1, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7703", }, { trust: 0.1, url: "https://security.freebsd.org/patches/sa-15:25/ntp-101.patch.bz2", }, { trust: 0.1, url: "https://security.freebsd.org/patches/sa-15:25/ntp-101.patch.asc", }, { trust: 0.1, url: "https://security.freebsd.org/patches/sa-15:25/ntp-102.patch.bz2", }, { trust: 0.1, url: "http://www.ubuntu.com/usn/usn-2783-1", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu8.1", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.5", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.6", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu6.2", }, { trust: 0.1, url: "http://www.cs.bu.edu/~goldbe/ntpattack.html", }, { trust: 0.1, url: "http://gpgtools.org", }, { trust: 0.1, url: "http://talosintel.com/vulnerability-reports/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2014-9751", }, { trust: 0.1, url: "https://www.debian.org/security/faq", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3405", }, { trust: 0.1, url: "https://www.debian.org/security/", }, { trust: 0.1, url: "http://slackware.com", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7705", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7691", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5196", }, { trust: 0.1, url: "http://slackware.com/gpg-key", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9750", }, { trust: 0.1, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7692", }, { trust: 0.1, url: "http://osuosl.org)", }, ], sources: [ { db: "VULMON", id: "CVE-2015-7855", }, { db: "BID", id: "77283", }, { db: "JVNDB", id: "JVNDB-2015-007707", }, { db: "PACKETSTORM", id: "137992", }, { db: "PACKETSTORM", id: "138803", }, { db: "PACKETSTORM", id: "134082", }, { db: "PACKETSTORM", id: "134102", }, { db: "PACKETSTORM", id: "134034", }, { db: "PACKETSTORM", id: "134162", }, { db: "PACKETSTORM", id: "134137", }, { db: "CNNVD", id: "CNNVD-201510-575", }, { db: "NVD", id: "CVE-2015-7855", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2015-7855", }, { db: "BID", id: "77283", }, { db: "JVNDB", id: "JVNDB-2015-007707", }, { db: "PACKETSTORM", id: "137992", }, { db: "PACKETSTORM", id: "138803", }, { db: "PACKETSTORM", id: "134082", }, { db: "PACKETSTORM", id: "134102", }, { db: "PACKETSTORM", id: "134034", }, { db: "PACKETSTORM", id: "134162", }, { db: "PACKETSTORM", id: "134137", }, { db: "CNNVD", id: "CNNVD-201510-575", }, { db: "NVD", id: "CVE-2015-7855", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-08-07T00:00:00", db: "VULMON", id: "CVE-2015-7855", }, { date: "2015-10-21T00:00:00", db: "BID", id: "77283", }, { date: "2017-09-06T00:00:00", db: "JVNDB", id: "JVNDB-2015-007707", }, { date: "2016-07-21T15:56:23", db: "PACKETSTORM", id: "137992", }, { date: "2016-09-21T17:24:00", db: "PACKETSTORM", id: "138803", }, { date: "2015-10-26T19:32:22", db: "PACKETSTORM", id: "134082", }, { date: "2015-10-27T23:30:50", db: "PACKETSTORM", id: "134102", }, { date: "2015-10-21T19:22:22", db: "PACKETSTORM", id: "134034", }, { date: "2015-11-02T16:48:39", db: "PACKETSTORM", id: "134162", }, { date: "2015-10-30T23:22:57", db: "PACKETSTORM", id: "134137", }, { date: "2015-10-27T00:00:00", db: "CNNVD", id: "CNNVD-201510-575", }, { date: "2017-08-07T20:29:00.950000", db: "NVD", id: "CVE-2015-7855", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-04-19T00:00:00", db: "VULMON", id: "CVE-2015-7855", }, { date: "2017-05-23T16:24:00", db: "BID", id: "77283", }, { date: "2021-04-16T08:52:00", db: "JVNDB", id: "JVNDB-2015-007707", }, { date: "2021-04-14T00:00:00", db: "CNNVD", id: "CNNVD-201510-575", }, { date: "2024-11-21T02:37:32.590000", db: "NVD", id: "CVE-2015-7855", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "PACKETSTORM", id: "134102", }, { db: "PACKETSTORM", id: "134034", }, { db: "CNNVD", id: "CNNVD-201510-575", }, ], trust: 0.8, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "NTP Input confirmation vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2015-007707", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "input validation error", sources: [ { db: "CNNVD", id: "CNNVD-201510-575", }, ], trust: 0.6, }, }
suse-su-2016:1247-1
Vulnerability from csaf_suse
Published
2016-05-06 07:50
Modified
2016-05-06 07:50
Summary
Security update for ntp
Notes
Title of the patch
Security update for ntp
Description of the patch
ntp was updated to version 4.2.8p6 to fix 28 security issues.
Major functional changes:
- The 'sntp' commandline tool changed its option handling in a major way,
some options have been renamed or dropped.
- 'controlkey 1' is added during update to ntp.conf to allow sntp to work.
- The local clock is being disabled during update.
- ntpd is no longer running chrooted.
Other functional changes:
- ntp-signd is installed.
- 'enable mode7' can be added to the configuration to allow ntdpc to work as compatibility mode option.
- 'kod' was removed from the default restrictions.
- SHA1 keys are used by default instead of MD5 keys.
Also yast2-ntp-client was updated to match some sntp syntax changes. (bsc#937837)
These security issues were fixed:
- CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966).
- CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).
- CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode (bsc#962784).
- CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list (bsc#963000).
- CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).
- CVE-2015-7976: ntpq saveconfig command allows dangerous characters in filenames (bsc#962802).
- CVE-2015-7975: nextvar() missing length check (bsc#962988).
- CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between authenticated peers (bsc#962960).
- CVE-2015-7973: Replay attack on authenticated broadcast mode (bsc#962995).
- CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994).
- CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997).
- CVE-2015-5300: MITM attacker could have forced ntpd to make a step larger than the panic threshold (bsc#951629).
- CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK (bsc#951608).
- CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (bsc#951608).
- CVE-2015-7854: Password Length Memory Corruption Vulnerability (bsc#951608).
- CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow (bsc#951608).
- CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability (bsc#951608).
- CVE-2015-7851: saveconfig Directory Traversal Vulnerability (bsc#951608).
- CVE-2015-7850: remote config logfile-keyfile (bsc#951608).
- CVE-2015-7849: trusted key use-after-free (bsc#951608).
- CVE-2015-7848: mode 7 loop counter underrun (bsc#951608).
- CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#951608).
- CVE-2015-7703: configuration directives 'pidfile' and 'driftfile' should only be allowed locally (bsc#951608).
- CVE-2015-7704, CVE-2015-7705: Clients that receive a KoD should validate the origin timestamp field (bsc#951608).
- CVE-2015-7691, CVE-2015-7692, CVE-2015-7702: Incomplete autokey data packet length checks (bsc#951608).
These non-security issues were fixed:
- fate#320758 bsc#975981: Enable compile-time support for MS-SNTP (--enable-ntp-signd).
This replaces the w32 patches in 4.2.4 that added the authreg
directive.
- bsc#962318: Call /usr/sbin/sntp with full path to synchronize in start-ntpd.
When run as cron job, /usr/sbin/ is not in the path, which caused
the synchronization to fail.
- bsc#782060: Speedup ntpq.
- bsc#916617: Add /var/db/ntp-kod.
- bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen quite a lot on loaded systems.
- bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST.
- Add ntp-fork.patch and build with threads disabled to allow name resolution even when running chrooted.
- Add a controlkey line to /etc/ntp.conf if one does not already exist to allow runtime configuuration via ntpq.
- bsc#946386: Temporarily disable memlock to avoid problems due to high memory usage during name resolution.
- bsc#905885: Use SHA1 instead of MD5 for symmetric keys.
- Improve runtime configuration:
* Read keytype from ntp.conf
* Don't write ntp keys to syslog.
- Fix legacy action scripts to pass on command line arguments.
- bsc#944300: Remove 'kod' from the restrict line in ntp.conf.
- bsc#936327: Use ntpq instead of deprecated ntpdc in start-ntpd.
- Add a controlkey to ntp.conf to make the above work.
- Don't let 'keysdir' lines in ntp.conf trigger the 'keys' parser.
- Disable mode 7 (ntpdc) again, now that we don't use it anymore.
- Add 'addserver' as a new legacy action.
- bsc#910063: Fix the comment regarding addserver in ntp.conf.
- bsc#926510: Disable chroot by default.
- bsc#920238: Enable ntpdc for backwards compatibility.
Patchnames
SUSE-SLE-DESKTOP-12-2016-727,SUSE-SLE-SDK-12-2016-727,SUSE-SLE-SERVER-12-2016-727
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for ntp", title: "Title of the patch", }, { category: "description", text: "ntp was updated to version 4.2.8p6 to fix 28 security issues.\n\nMajor functional changes:\n- The 'sntp' commandline tool changed its option handling in a major way,\n some options have been renamed or dropped.\n- 'controlkey 1' is added during update to ntp.conf to allow sntp to work.\n- The local clock is being disabled during update.\n- ntpd is no longer running chrooted.\n\nOther functional changes:\n- ntp-signd is installed.\n- 'enable mode7' can be added to the configuration to allow ntdpc to work as compatibility mode option.\n- 'kod' was removed from the default restrictions.\n- SHA1 keys are used by default instead of MD5 keys.\n\nAlso yast2-ntp-client was updated to match some sntp syntax changes. (bsc#937837)\n\nThese security issues were fixed:\n- CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966).\n- CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).\n- CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode (bsc#962784).\n- CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list (bsc#963000).\n- CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).\n- CVE-2015-7976: ntpq saveconfig command allows dangerous characters in filenames (bsc#962802).\n- CVE-2015-7975: nextvar() missing length check (bsc#962988).\n- CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between authenticated peers (bsc#962960).\n- CVE-2015-7973: Replay attack on authenticated broadcast mode (bsc#962995).\n- CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994).\n- CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997).\n- CVE-2015-5300: MITM attacker could have forced ntpd to make a step larger than the panic threshold (bsc#951629).\n- CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK (bsc#951608).\n- CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (bsc#951608).\n- CVE-2015-7854: Password Length Memory Corruption Vulnerability (bsc#951608).\n- CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow (bsc#951608).\n- CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability (bsc#951608).\n- CVE-2015-7851: saveconfig Directory Traversal Vulnerability (bsc#951608).\n- CVE-2015-7850: remote config logfile-keyfile (bsc#951608).\n- CVE-2015-7849: trusted key use-after-free (bsc#951608).\n- CVE-2015-7848: mode 7 loop counter underrun (bsc#951608).\n- CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#951608).\n- CVE-2015-7703: configuration directives 'pidfile' and 'driftfile' should only be allowed locally (bsc#951608).\n- CVE-2015-7704, CVE-2015-7705: Clients that receive a KoD should validate the origin timestamp field (bsc#951608).\n- CVE-2015-7691, CVE-2015-7692, CVE-2015-7702: Incomplete autokey data packet length checks (bsc#951608).\n\nThese non-security issues were fixed:\n- fate#320758 bsc#975981: Enable compile-time support for MS-SNTP (--enable-ntp-signd).\n This replaces the w32 patches in 4.2.4 that added the authreg\n directive.\n- bsc#962318: Call /usr/sbin/sntp with full path to synchronize in start-ntpd.\n When run as cron job, /usr/sbin/ is not in the path, which caused\n the synchronization to fail.\n- bsc#782060: Speedup ntpq.\n- bsc#916617: Add /var/db/ntp-kod.\n- bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen quite a lot on loaded systems.\n- bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST.\n- Add ntp-fork.patch and build with threads disabled to allow name resolution even when running chrooted.\n- Add a controlkey line to /etc/ntp.conf if one does not already exist to allow runtime configuuration via ntpq.\n- bsc#946386: Temporarily disable memlock to avoid problems due to high memory usage during name resolution.\n- bsc#905885: Use SHA1 instead of MD5 for symmetric keys.\n- Improve runtime configuration:\n * Read keytype from ntp.conf\n * Don't write ntp keys to syslog.\n- Fix legacy action scripts to pass on command line arguments.\n- bsc#944300: Remove 'kod' from the restrict line in ntp.conf.\n- bsc#936327: Use ntpq instead of deprecated ntpdc in start-ntpd.\n- Add a controlkey to ntp.conf to make the above work.\n- Don't let 'keysdir' lines in ntp.conf trigger the 'keys' parser.\n- Disable mode 7 (ntpdc) again, now that we don't use it anymore.\n- Add 'addserver' as a new legacy action.\n- bsc#910063: Fix the comment regarding addserver in ntp.conf.\n- bsc#926510: Disable chroot by default.\n- bsc#920238: Enable ntpdc for backwards compatibility.\n", title: "Description of the patch", }, { category: "details", text: "SUSE-SLE-DESKTOP-12-2016-727,SUSE-SLE-SDK-12-2016-727,SUSE-SLE-SERVER-12-2016-727", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_1247-1.json", }, { category: "self", summary: "URL for SUSE-SU-2016:1247-1", url: "https://www.suse.com/support/update/announcement/2016/suse-su-20161247-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2016:1247-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2016-May/002043.html", }, { category: "self", summary: "SUSE Bug 782060", url: "https://bugzilla.suse.com/782060", }, { category: "self", summary: "SUSE Bug 905885", url: "https://bugzilla.suse.com/905885", }, { category: "self", summary: "SUSE Bug 910063", url: "https://bugzilla.suse.com/910063", }, { category: "self", summary: "SUSE Bug 916617", url: "https://bugzilla.suse.com/916617", }, { category: "self", summary: "SUSE Bug 920238", url: "https://bugzilla.suse.com/920238", }, { category: "self", summary: "SUSE Bug 926510", url: "https://bugzilla.suse.com/926510", }, { category: "self", summary: "SUSE Bug 936327", url: "https://bugzilla.suse.com/936327", }, { category: "self", summary: "SUSE Bug 937837", url: "https://bugzilla.suse.com/937837", }, { category: "self", summary: "SUSE Bug 942587", url: "https://bugzilla.suse.com/942587", }, { category: "self", summary: "SUSE Bug 944300", url: "https://bugzilla.suse.com/944300", }, { category: "self", summary: "SUSE Bug 946386", url: "https://bugzilla.suse.com/946386", }, { category: "self", summary: "SUSE Bug 951559", url: "https://bugzilla.suse.com/951559", }, { category: "self", summary: "SUSE Bug 951608", url: "https://bugzilla.suse.com/951608", }, { category: "self", summary: "SUSE Bug 951629", url: "https://bugzilla.suse.com/951629", }, { category: "self", summary: "SUSE Bug 954982", url: "https://bugzilla.suse.com/954982", }, { category: "self", summary: "SUSE Bug 956773", url: "https://bugzilla.suse.com/956773", }, { category: "self", summary: "SUSE Bug 962318", url: "https://bugzilla.suse.com/962318", }, { category: "self", summary: "SUSE Bug 962784", url: "https://bugzilla.suse.com/962784", }, { category: "self", summary: "SUSE Bug 962802", url: "https://bugzilla.suse.com/962802", }, { category: "self", summary: "SUSE Bug 962960", url: "https://bugzilla.suse.com/962960", }, { category: "self", summary: "SUSE Bug 962966", url: "https://bugzilla.suse.com/962966", }, { category: "self", summary: "SUSE Bug 962970", url: "https://bugzilla.suse.com/962970", }, { category: "self", summary: "SUSE Bug 962988", url: "https://bugzilla.suse.com/962988", }, { category: "self", summary: "SUSE Bug 962994", url: "https://bugzilla.suse.com/962994", }, { category: "self", summary: "SUSE Bug 962995", url: "https://bugzilla.suse.com/962995", }, { category: "self", summary: "SUSE Bug 962997", url: "https://bugzilla.suse.com/962997", }, { category: "self", summary: "SUSE Bug 963000", url: "https://bugzilla.suse.com/963000", }, { category: "self", summary: "SUSE Bug 963002", url: "https://bugzilla.suse.com/963002", }, { category: "self", summary: "SUSE Bug 975496", url: "https://bugzilla.suse.com/975496", }, { category: "self", summary: "SUSE Bug 975981", url: "https://bugzilla.suse.com/975981", }, { category: "self", summary: "SUSE CVE CVE-2015-5300 page", url: "https://www.suse.com/security/cve/CVE-2015-5300/", }, { category: "self", summary: "SUSE CVE CVE-2015-7691 page", url: "https://www.suse.com/security/cve/CVE-2015-7691/", }, { category: "self", summary: "SUSE CVE CVE-2015-7692 page", url: "https://www.suse.com/security/cve/CVE-2015-7692/", }, { category: "self", summary: "SUSE CVE CVE-2015-7701 page", url: "https://www.suse.com/security/cve/CVE-2015-7701/", }, { category: "self", summary: "SUSE CVE CVE-2015-7702 page", url: "https://www.suse.com/security/cve/CVE-2015-7702/", }, { category: "self", summary: "SUSE CVE CVE-2015-7703 page", url: "https://www.suse.com/security/cve/CVE-2015-7703/", }, { category: "self", summary: "SUSE CVE CVE-2015-7704 page", url: "https://www.suse.com/security/cve/CVE-2015-7704/", }, { category: "self", summary: "SUSE CVE CVE-2015-7705 page", url: "https://www.suse.com/security/cve/CVE-2015-7705/", }, { category: "self", summary: "SUSE CVE CVE-2015-7848 page", url: "https://www.suse.com/security/cve/CVE-2015-7848/", }, { category: "self", summary: "SUSE CVE CVE-2015-7849 page", url: "https://www.suse.com/security/cve/CVE-2015-7849/", }, { category: "self", summary: "SUSE CVE CVE-2015-7850 page", url: "https://www.suse.com/security/cve/CVE-2015-7850/", }, { category: "self", summary: "SUSE CVE CVE-2015-7851 page", url: "https://www.suse.com/security/cve/CVE-2015-7851/", }, { category: "self", summary: "SUSE CVE CVE-2015-7852 page", url: "https://www.suse.com/security/cve/CVE-2015-7852/", }, { category: "self", summary: "SUSE CVE CVE-2015-7853 page", url: "https://www.suse.com/security/cve/CVE-2015-7853/", }, { category: "self", summary: "SUSE CVE CVE-2015-7854 page", url: "https://www.suse.com/security/cve/CVE-2015-7854/", }, { category: "self", summary: "SUSE CVE CVE-2015-7855 page", url: "https://www.suse.com/security/cve/CVE-2015-7855/", }, { category: "self", summary: "SUSE CVE CVE-2015-7871 page", url: "https://www.suse.com/security/cve/CVE-2015-7871/", }, { category: "self", summary: "SUSE CVE CVE-2015-7973 page", url: "https://www.suse.com/security/cve/CVE-2015-7973/", }, { category: "self", summary: "SUSE CVE CVE-2015-7974 page", url: "https://www.suse.com/security/cve/CVE-2015-7974/", }, { category: "self", summary: "SUSE CVE CVE-2015-7975 page", url: "https://www.suse.com/security/cve/CVE-2015-7975/", }, { category: "self", summary: "SUSE CVE CVE-2015-7976 page", url: "https://www.suse.com/security/cve/CVE-2015-7976/", }, { category: "self", summary: "SUSE CVE CVE-2015-7977 page", url: "https://www.suse.com/security/cve/CVE-2015-7977/", }, { category: "self", summary: "SUSE CVE CVE-2015-7978 page", url: "https://www.suse.com/security/cve/CVE-2015-7978/", }, { category: "self", summary: "SUSE CVE CVE-2015-7979 page", url: "https://www.suse.com/security/cve/CVE-2015-7979/", }, { category: "self", summary: "SUSE CVE CVE-2015-8138 page", url: "https://www.suse.com/security/cve/CVE-2015-8138/", }, { category: "self", summary: "SUSE CVE CVE-2015-8139 page", url: "https://www.suse.com/security/cve/CVE-2015-8139/", }, { category: "self", summary: "SUSE CVE CVE-2015-8140 page", url: "https://www.suse.com/security/cve/CVE-2015-8140/", }, { category: "self", summary: "SUSE CVE CVE-2015-8158 page", url: "https://www.suse.com/security/cve/CVE-2015-8158/", }, ], title: "Security update for ntp", tracking: { current_release_date: "2016-05-06T07:50:51Z", generator: { date: "2016-05-06T07:50:51Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2016:1247-1", initial_release_date: "2016-05-06T07:50:51Z", revision_history: [ { date: "2016-05-06T07:50:51Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "yast2-ntp-client-3.1.12.4-8.2.noarch", product: { name: "yast2-ntp-client-3.1.12.4-8.2.noarch", product_id: "yast2-ntp-client-3.1.12.4-8.2.noarch", }, }, { category: "product_version", name: "yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", product: { name: "yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", product_id: "yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "ntp-4.2.8p6-46.5.2.ppc64le", product: { name: "ntp-4.2.8p6-46.5.2.ppc64le", product_id: "ntp-4.2.8p6-46.5.2.ppc64le", }, }, { category: "product_version", name: "ntp-doc-4.2.8p6-46.5.2.ppc64le", product: { name: "ntp-doc-4.2.8p6-46.5.2.ppc64le", product_id: "ntp-doc-4.2.8p6-46.5.2.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "ntp-4.2.8p6-46.5.2.s390x", product: { name: "ntp-4.2.8p6-46.5.2.s390x", product_id: "ntp-4.2.8p6-46.5.2.s390x", }, }, { category: "product_version", name: "ntp-doc-4.2.8p6-46.5.2.s390x", product: { name: "ntp-doc-4.2.8p6-46.5.2.s390x", product_id: "ntp-doc-4.2.8p6-46.5.2.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "ntp-4.2.8p6-46.5.2.x86_64", product: { name: "ntp-4.2.8p6-46.5.2.x86_64", product_id: "ntp-4.2.8p6-46.5.2.x86_64", }, }, { category: "product_version", name: "ntp-doc-4.2.8p6-46.5.2.x86_64", product: { name: "ntp-doc-4.2.8p6-46.5.2.x86_64", product_id: "ntp-doc-4.2.8p6-46.5.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Desktop 12", product: { name: "SUSE Linux Enterprise Desktop 12", product_id: "SUSE Linux Enterprise Desktop 12", product_identification_helper: { cpe: "cpe:/o:suse:sled:12", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Software Development Kit 12", product: { name: "SUSE Linux Enterprise Software Development Kit 12", product_id: "SUSE Linux Enterprise Software Development Kit 12", product_identification_helper: { cpe: "cpe:/o:suse:sle-sdk:12", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12", product: { name: "SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12", product_identification_helper: { cpe: "cpe:/o:suse:sles:12", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p6-46.5.2.x86_64 as component of SUSE Linux Enterprise Desktop 12", product_id: "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", }, product_reference: "ntp-4.2.8p6-46.5.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p6-46.5.2.x86_64 as component of SUSE Linux Enterprise Desktop 12", product_id: "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", }, product_reference: "ntp-doc-4.2.8p6-46.5.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12", }, { category: "default_component_of", full_product_name: { name: "yast2-ntp-client-3.1.12.4-8.2.noarch as component of SUSE Linux Enterprise Desktop 12", product_id: "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", }, product_reference: "yast2-ntp-client-3.1.12.4-8.2.noarch", relates_to_product_reference: "SUSE Linux Enterprise Desktop 12", }, { category: "default_component_of", full_product_name: { name: "yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch as component of SUSE Linux Enterprise Software Development Kit 12", product_id: "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", }, product_reference: "yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p6-46.5.2.ppc64le as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", }, product_reference: "ntp-4.2.8p6-46.5.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p6-46.5.2.s390x as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", }, product_reference: "ntp-4.2.8p6-46.5.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p6-46.5.2.x86_64 as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", }, product_reference: "ntp-4.2.8p6-46.5.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p6-46.5.2.ppc64le as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", }, product_reference: "ntp-doc-4.2.8p6-46.5.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p6-46.5.2.s390x as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", }, product_reference: "ntp-doc-4.2.8p6-46.5.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p6-46.5.2.x86_64 as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", }, product_reference: "ntp-doc-4.2.8p6-46.5.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "yast2-ntp-client-3.1.12.4-8.2.noarch as component of SUSE Linux Enterprise Server 12", product_id: "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", }, product_reference: "yast2-ntp-client-3.1.12.4-8.2.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p6-46.5.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", }, product_reference: "ntp-4.2.8p6-46.5.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p6-46.5.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", }, product_reference: "ntp-4.2.8p6-46.5.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p6-46.5.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", }, product_reference: "ntp-4.2.8p6-46.5.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p6-46.5.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", }, product_reference: "ntp-doc-4.2.8p6-46.5.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p6-46.5.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", }, product_reference: "ntp-doc-4.2.8p6-46.5.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p6-46.5.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", }, product_reference: "ntp-doc-4.2.8p6-46.5.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "yast2-ntp-client-3.1.12.4-8.2.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", }, product_reference: "yast2-ntp-client-3.1.12.4-8.2.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, ], }, vulnerabilities: [ { cve: "CVE-2015-5300", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-5300", }, ], notes: [ { category: "general", text: "The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2015-5300", url: "https://www.suse.com/security/cve/CVE-2015-5300", }, { category: "external", summary: "SUSE Bug 951629 for CVE-2015-5300", url: "https://bugzilla.suse.com/951629", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-5300", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 962624 for CVE-2015-5300", url: "https://bugzilla.suse.com/962624", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], threats: [ { category: "impact", date: "2016-05-06T07:50:51Z", details: "moderate", }, ], title: "CVE-2015-5300", }, { cve: "CVE-2015-7691", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7691", }, ], notes: [ { category: "general", text: "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2015-7691", url: "https://www.suse.com/security/cve/CVE-2015-7691", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7691", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 911792 for CVE-2015-7691", url: "https://bugzilla.suse.com/911792", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7691", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7691", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7691", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], threats: [ { category: "impact", date: "2016-05-06T07:50:51Z", details: "important", }, ], title: "CVE-2015-7691", }, { cve: "CVE-2015-7692", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7692", }, ], notes: [ { category: "general", text: "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2015-7692", url: "https://www.suse.com/security/cve/CVE-2015-7692", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7692", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 911792 for CVE-2015-7692", url: "https://bugzilla.suse.com/911792", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7692", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7692", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7692", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], threats: [ { category: "impact", date: "2016-05-06T07:50:51Z", details: "important", }, ], title: "CVE-2015-7692", }, { cve: "CVE-2015-7701", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7701", }, ], notes: [ { category: "general", text: "Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2015-7701", url: "https://www.suse.com/security/cve/CVE-2015-7701", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7701", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7701", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7701", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7701", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], threats: [ { category: "impact", date: "2016-05-06T07:50:51Z", details: "important", }, ], title: "CVE-2015-7701", }, { cve: "CVE-2015-7702", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7702", }, ], notes: [ { category: "general", text: "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2015-7702", url: "https://www.suse.com/security/cve/CVE-2015-7702", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7702", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 911792 for CVE-2015-7702", url: "https://bugzilla.suse.com/911792", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7702", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7702", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7702", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], threats: [ { category: "impact", date: "2016-05-06T07:50:51Z", details: "important", }, ], title: "CVE-2015-7702", }, { cve: "CVE-2015-7703", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7703", }, ], notes: [ { category: "general", text: "The \"pidfile\" or \"driftfile\" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2015-7703", url: "https://www.suse.com/security/cve/CVE-2015-7703", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7703", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 943216 for CVE-2015-7703", url: "https://bugzilla.suse.com/943216", }, { category: "external", summary: "SUSE Bug 943218 for CVE-2015-7703", url: "https://bugzilla.suse.com/943218", }, { category: "external", summary: "SUSE Bug 943219 for CVE-2015-7703", url: "https://bugzilla.suse.com/943219", }, { category: "external", summary: "SUSE Bug 943221 for CVE-2015-7703", url: "https://bugzilla.suse.com/943221", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7703", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7703", url: "https://bugzilla.suse.com/959243", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], threats: [ { category: "impact", date: "2016-05-06T07:50:51Z", details: "moderate", }, ], title: "CVE-2015-7703", }, { cve: "CVE-2015-7704", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7704", }, ], notes: [ { category: "general", text: "The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted \"KOD\" messages.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2015-7704", url: "https://www.suse.com/security/cve/CVE-2015-7704", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7704", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7704", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 952611 for CVE-2015-7704", url: "https://bugzilla.suse.com/952611", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7704", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 977446 for CVE-2015-7704", url: "https://bugzilla.suse.com/977446", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], threats: [ { category: "impact", date: "2016-05-06T07:50:51Z", details: "important", }, ], title: "CVE-2015-7704", }, { cve: "CVE-2015-7705", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7705", }, ], notes: [ { category: "general", text: "The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2015-7705", url: "https://www.suse.com/security/cve/CVE-2015-7705", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7705", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7705", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 952611 for CVE-2015-7705", url: "https://bugzilla.suse.com/952611", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7705", url: "https://bugzilla.suse.com/959243", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], threats: [ { category: "impact", date: "2016-05-06T07:50:51Z", details: "critical", }, ], title: "CVE-2015-7705", }, { cve: "CVE-2015-7848", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7848", }, ], notes: [ { category: "general", text: "An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2015-7848", url: "https://www.suse.com/security/cve/CVE-2015-7848", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7848", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7848", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7848", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7848", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], threats: [ { category: "impact", date: "2016-05-06T07:50:51Z", details: "moderate", }, ], title: "CVE-2015-7848", }, { cve: "CVE-2015-7849", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7849", }, ], notes: [ { category: "general", text: "Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2015-7849", url: "https://www.suse.com/security/cve/CVE-2015-7849", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7849", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7849", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7849", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7849", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], threats: [ { category: "impact", date: "2016-05-06T07:50:51Z", details: "important", }, ], title: "CVE-2015-7849", }, { cve: "CVE-2015-7850", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7850", }, ], notes: [ { category: "general", text: "ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2015-7850", url: "https://www.suse.com/security/cve/CVE-2015-7850", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7850", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7850", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7850", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7850", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], threats: [ { category: "impact", date: "2016-05-06T07:50:51Z", details: "moderate", }, ], title: "CVE-2015-7850", }, { cve: "CVE-2015-7851", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7851", }, ], notes: [ { category: "general", text: "Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2015-7851", url: "https://www.suse.com/security/cve/CVE-2015-7851", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7851", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7851", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7851", url: "https://bugzilla.suse.com/959243", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], threats: [ { category: "impact", date: "2016-05-06T07:50:51Z", details: "moderate", }, ], title: "CVE-2015-7851", }, { cve: "CVE-2015-7852", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7852", }, ], notes: [ { category: "general", text: "ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2015-7852", url: "https://www.suse.com/security/cve/CVE-2015-7852", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7852", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7852", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7852", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7852", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], threats: [ { category: "impact", date: "2016-05-06T07:50:51Z", details: "moderate", }, ], title: "CVE-2015-7852", }, { cve: "CVE-2015-7853", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7853", }, ], notes: [ { category: "general", text: "The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2015-7853", url: "https://www.suse.com/security/cve/CVE-2015-7853", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7853", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7853", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7853", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7853", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], threats: [ { category: "impact", date: "2016-05-06T07:50:51Z", details: "critical", }, ], title: "CVE-2015-7853", }, { cve: "CVE-2015-7854", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7854", }, ], notes: [ { category: "general", text: "Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2015-7854", url: "https://www.suse.com/security/cve/CVE-2015-7854", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7854", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7854", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7854", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7854", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], threats: [ { category: "impact", date: "2016-05-06T07:50:51Z", details: "important", }, ], title: "CVE-2015-7854", }, { cve: "CVE-2015-7855", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7855", }, ], notes: [ { category: "general", text: "The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2015-7855", url: "https://www.suse.com/security/cve/CVE-2015-7855", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7855", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7855", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7855", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7855", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], threats: [ { category: "impact", date: "2016-05-06T07:50:51Z", details: "moderate", }, ], title: "CVE-2015-7855", }, { cve: "CVE-2015-7871", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7871", }, ], notes: [ { category: "general", text: "Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2015-7871", url: "https://www.suse.com/security/cve/CVE-2015-7871", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7871", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7871", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 952606 for CVE-2015-7871", url: "https://bugzilla.suse.com/952606", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7871", url: "https://bugzilla.suse.com/959243", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], threats: [ { category: "impact", date: "2016-05-06T07:50:51Z", details: "critical", }, ], title: "CVE-2015-7871", }, { cve: "CVE-2015-7973", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7973", }, ], notes: [ { category: "general", text: "NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2015-7973", url: "https://www.suse.com/security/cve/CVE-2015-7973", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7973", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 962995 for CVE-2015-7973", url: "https://bugzilla.suse.com/962995", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], threats: [ { category: "impact", date: "2016-05-06T07:50:51Z", details: "moderate", }, ], title: "CVE-2015-7973", }, { cve: "CVE-2015-7974", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7974", }, ], notes: [ { category: "general", text: "NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a \"skeleton key.\"", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2015-7974", url: "https://www.suse.com/security/cve/CVE-2015-7974", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7974", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 962960 for CVE-2015-7974", url: "https://bugzilla.suse.com/962960", }, { category: "external", summary: "SUSE Bug 962995 for CVE-2015-7974", url: "https://bugzilla.suse.com/962995", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], threats: [ { category: "impact", date: "2016-05-06T07:50:51Z", details: "low", }, ], title: "CVE-2015-7974", }, { cve: "CVE-2015-7975", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7975", }, ], notes: [ { category: "general", text: "The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2015-7975", url: "https://www.suse.com/security/cve/CVE-2015-7975", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7975", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 962988 for CVE-2015-7975", url: "https://bugzilla.suse.com/962988", }, { category: "external", summary: "SUSE Bug 962995 for CVE-2015-7975", url: "https://bugzilla.suse.com/962995", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], threats: [ { category: "impact", date: "2016-05-06T07:50:51Z", details: "low", }, ], title: "CVE-2015-7975", }, { cve: "CVE-2015-7976", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7976", }, ], notes: [ { category: "general", text: "The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2015-7976", url: "https://www.suse.com/security/cve/CVE-2015-7976", }, { category: "external", summary: "SUSE Bug 962802 for CVE-2015-7976", url: "https://bugzilla.suse.com/962802", }, { category: "external", summary: "SUSE Bug 962995 for CVE-2015-7976", url: "https://bugzilla.suse.com/962995", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], threats: [ { category: "impact", date: "2016-05-06T07:50:51Z", details: "low", }, ], title: "CVE-2015-7976", }, { cve: "CVE-2015-7977", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7977", }, ], notes: [ { category: "general", text: "ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2015-7977", url: "https://www.suse.com/security/cve/CVE-2015-7977", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7977", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 962970 for CVE-2015-7977", url: "https://bugzilla.suse.com/962970", }, { category: "external", summary: "SUSE Bug 962995 for CVE-2015-7977", url: "https://bugzilla.suse.com/962995", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], threats: [ { category: "impact", date: "2016-05-06T07:50:51Z", details: "moderate", }, ], title: "CVE-2015-7977", }, { cve: "CVE-2015-7978", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7978", }, ], notes: [ { category: "general", text: "NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2015-7978", url: "https://www.suse.com/security/cve/CVE-2015-7978", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7978", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 962970 for CVE-2015-7978", url: "https://bugzilla.suse.com/962970", }, { category: "external", summary: "SUSE Bug 962995 for CVE-2015-7978", url: "https://bugzilla.suse.com/962995", }, { category: "external", summary: "SUSE Bug 963000 for CVE-2015-7978", url: "https://bugzilla.suse.com/963000", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], threats: [ { category: "impact", date: "2016-05-06T07:50:51Z", details: "moderate", }, ], title: "CVE-2015-7978", }, { cve: "CVE-2015-7979", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7979", }, ], notes: [ { category: "general", text: "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2015-7979", url: "https://www.suse.com/security/cve/CVE-2015-7979", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7979", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 962784 for CVE-2015-7979", url: "https://bugzilla.suse.com/962784", }, { category: "external", summary: "SUSE Bug 962995 for CVE-2015-7979", url: "https://bugzilla.suse.com/962995", }, { category: "external", summary: "SUSE Bug 977459 for CVE-2015-7979", url: "https://bugzilla.suse.com/977459", }, { category: "external", summary: "SUSE Bug 982065 for CVE-2015-7979", url: "https://bugzilla.suse.com/982065", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], threats: [ { category: "impact", date: "2016-05-06T07:50:51Z", details: "moderate", }, ], title: "CVE-2015-7979", }, { cve: "CVE-2015-8138", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8138", }, ], notes: [ { category: "general", text: "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2015-8138", url: "https://www.suse.com/security/cve/CVE-2015-8138", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-8138", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-8138", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 963002 for CVE-2015-8138", url: "https://bugzilla.suse.com/963002", }, { category: "external", summary: "SUSE Bug 974668 for CVE-2015-8138", url: "https://bugzilla.suse.com/974668", }, { category: "external", summary: "SUSE Bug 977446 for CVE-2015-8138", url: "https://bugzilla.suse.com/977446", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], threats: [ { category: "impact", date: "2016-05-06T07:50:51Z", details: "moderate", }, ], title: "CVE-2015-8138", }, { cve: "CVE-2015-8139", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8139", }, ], notes: [ { category: "general", text: "ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2015-8139", url: "https://www.suse.com/security/cve/CVE-2015-8139", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-8139", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-8139", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 962997 for CVE-2015-8139", url: "https://bugzilla.suse.com/962997", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], threats: [ { category: "impact", date: "2016-05-06T07:50:51Z", details: "moderate", }, ], title: "CVE-2015-8139", }, { cve: "CVE-2015-8140", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8140", }, ], notes: [ { category: "general", text: "The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2015-8140", url: "https://www.suse.com/security/cve/CVE-2015-8140", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-8140", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-8140", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 962994 for CVE-2015-8140", url: "https://bugzilla.suse.com/962994", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], threats: [ { category: "impact", date: "2016-05-06T07:50:51Z", details: "moderate", }, ], title: "CVE-2015-8140", }, { cve: "CVE-2015-8158", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8158", }, ], notes: [ { category: "general", text: "The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, references: [ { category: "external", summary: "CVE-2015-8158", url: "https://www.suse.com/security/cve/CVE-2015-8158", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-8158", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 962966 for CVE-2015-8158", url: "https://bugzilla.suse.com/962966", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Desktop 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:ntp-doc-4.2.8p6-46.5.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:yast2-ntp-client-3.1.12.4-8.2.noarch", "SUSE Linux Enterprise Software Development Kit 12:yast2-ntp-client-devel-doc-3.1.12.4-8.2.noarch", ], }, ], threats: [ { category: "impact", date: "2016-05-06T07:50:51Z", details: "low", }, ], title: "CVE-2015-8158", }, ], }
suse-su-2015:2058-1
Vulnerability from csaf_suse
Published
2015-11-20 09:21
Modified
2015-11-20 09:21
Summary
Security update for ntp
Notes
Title of the patch
Security update for ntp
Description of the patch
This ntp update provides the following security and non security fixes:
- Update to 4.2.8p4 to fix several security issues (bsc#951608):
* CVE-2015-7871: NAK to the Future: Symmetric association
authentication bypass via crypto-NAK
* CVE-2015-7855: decodenetnum() will ASSERT botch instead of
returning FAIL on some bogus values
* CVE-2015-7854: Password Length Memory Corruption Vulnerability
* CVE-2015-7853: Invalid length data provided by a custom
refclock driver could cause a buffer overflow
* CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability
* CVE-2015-7851 saveconfig Directory Traversal Vulnerability
* CVE-2015-7850 remote config logfile-keyfile
* CVE-2015-7849 trusted key use-after-free
* CVE-2015-7848 mode 7 loop counter underrun
* CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC
* CVE-2015-7703 configuration directives 'pidfile' and
'driftfile' should only be allowed locally
* CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should
validate the origin timestamp field
* CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey
data packet length checks
- Use ntpq instead of deprecated ntpdc in start-ntpd (bnc#936327).
- Add a controlkey to ntp.conf to make the above work.
- Improve runtime configuration:
* Read keytype from ntp.conf
* Don't write ntp keys to syslog.
- Don't let 'keysdir' lines in ntp.conf trigger the 'keys' parser.
- Fix the comment regarding addserver in ntp.conf (bnc#910063).
- Remove ntp.1.gz, it wasn't installed anymore.
- Remove ntp-4.2.7-rh-manpages.tar.gz and only keep ntptime.8.gz.
The rest is partially irrelevant, partially redundant and
potentially outdated (bsc#942587).
- Remove 'kod' from the restrict line in ntp.conf (bsc#944300).
- Use SHA1 instead of MD5 for symmetric keys (bsc#905885).
- Require perl-Socket6 (bsc#942441).
- Fix incomplete backporting of 'rcntp ntptimemset'.
Patchnames
sledsp4-ntp-12218,slessp4-ntp-12218
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for ntp", title: "Title of the patch", }, { category: "description", text: "This ntp update provides the following security and non security fixes:\n\n- Update to 4.2.8p4 to fix several security issues (bsc#951608):\n * CVE-2015-7871: NAK to the Future: Symmetric association\n authentication bypass via crypto-NAK\n * CVE-2015-7855: decodenetnum() will ASSERT botch instead of\n returning FAIL on some bogus values\n * CVE-2015-7854: Password Length Memory Corruption Vulnerability\n * CVE-2015-7853: Invalid length data provided by a custom\n refclock driver could cause a buffer overflow\n * CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability\n * CVE-2015-7851 saveconfig Directory Traversal Vulnerability\n * CVE-2015-7850 remote config logfile-keyfile\n * CVE-2015-7849 trusted key use-after-free\n * CVE-2015-7848 mode 7 loop counter underrun\n * CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC\n * CVE-2015-7703 configuration directives 'pidfile' and\n 'driftfile' should only be allowed locally\n * CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should\n validate the origin timestamp field\n * CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey\n data packet length checks\n- Use ntpq instead of deprecated ntpdc in start-ntpd (bnc#936327).\n- Add a controlkey to ntp.conf to make the above work.\n- Improve runtime configuration:\n * Read keytype from ntp.conf\n * Don't write ntp keys to syslog.\n- Don't let 'keysdir' lines in ntp.conf trigger the 'keys' parser.\n- Fix the comment regarding addserver in ntp.conf (bnc#910063).\n- Remove ntp.1.gz, it wasn't installed anymore.\n- Remove ntp-4.2.7-rh-manpages.tar.gz and only keep ntptime.8.gz.\n The rest is partially irrelevant, partially redundant and\n potentially outdated (bsc#942587).\n- Remove 'kod' from the restrict line in ntp.conf (bsc#944300).\n- Use SHA1 instead of MD5 for symmetric keys (bsc#905885).\n- Require perl-Socket6 (bsc#942441).\n- Fix incomplete backporting of 'rcntp ntptimemset'.\n", title: "Description of the patch", }, { category: "details", text: "sledsp4-ntp-12218,slessp4-ntp-12218", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_2058-1.json", }, { category: "self", summary: "URL for SUSE-SU-2015:2058-1", url: "https://www.suse.com/support/update/announcement/2015/suse-su-20152058-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2015:2058-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2015-November/001688.html", }, { category: "self", summary: "SUSE Bug 905885", url: "https://bugzilla.suse.com/905885", }, { category: "self", summary: "SUSE Bug 910063", url: "https://bugzilla.suse.com/910063", }, { category: "self", summary: "SUSE Bug 936327", url: "https://bugzilla.suse.com/936327", }, { category: "self", summary: "SUSE Bug 942441", url: "https://bugzilla.suse.com/942441", }, { category: "self", summary: "SUSE Bug 942587", url: "https://bugzilla.suse.com/942587", }, { category: "self", summary: "SUSE Bug 944300", url: "https://bugzilla.suse.com/944300", }, { category: "self", summary: "SUSE Bug 951608", url: "https://bugzilla.suse.com/951608", }, { category: "self", summary: "SUSE CVE CVE-2015-7691 page", url: "https://www.suse.com/security/cve/CVE-2015-7691/", }, { category: "self", summary: "SUSE CVE CVE-2015-7692 page", url: "https://www.suse.com/security/cve/CVE-2015-7692/", }, { category: "self", summary: "SUSE CVE CVE-2015-7701 page", url: "https://www.suse.com/security/cve/CVE-2015-7701/", }, { category: "self", summary: "SUSE CVE CVE-2015-7702 page", url: "https://www.suse.com/security/cve/CVE-2015-7702/", }, { category: "self", summary: "SUSE CVE CVE-2015-7703 page", url: "https://www.suse.com/security/cve/CVE-2015-7703/", }, { category: "self", summary: "SUSE CVE CVE-2015-7704 page", url: "https://www.suse.com/security/cve/CVE-2015-7704/", }, { category: "self", summary: "SUSE CVE CVE-2015-7705 page", url: "https://www.suse.com/security/cve/CVE-2015-7705/", }, { category: "self", summary: "SUSE CVE CVE-2015-7848 page", url: "https://www.suse.com/security/cve/CVE-2015-7848/", }, { category: "self", summary: "SUSE CVE CVE-2015-7849 page", url: "https://www.suse.com/security/cve/CVE-2015-7849/", }, { category: "self", summary: "SUSE CVE CVE-2015-7850 page", url: "https://www.suse.com/security/cve/CVE-2015-7850/", }, { category: "self", summary: "SUSE CVE CVE-2015-7851 page", url: "https://www.suse.com/security/cve/CVE-2015-7851/", }, { category: "self", summary: "SUSE CVE CVE-2015-7852 page", url: "https://www.suse.com/security/cve/CVE-2015-7852/", }, { category: "self", summary: "SUSE CVE CVE-2015-7853 page", url: "https://www.suse.com/security/cve/CVE-2015-7853/", }, { category: "self", summary: "SUSE CVE CVE-2015-7854 page", url: "https://www.suse.com/security/cve/CVE-2015-7854/", }, { category: "self", summary: "SUSE CVE CVE-2015-7855 page", url: "https://www.suse.com/security/cve/CVE-2015-7855/", }, { category: "self", summary: "SUSE CVE CVE-2015-7871 page", url: "https://www.suse.com/security/cve/CVE-2015-7871/", }, ], title: "Security update for ntp", tracking: { current_release_date: "2015-11-20T09:21:30Z", generator: { date: "2015-11-20T09:21:30Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2015:2058-1", initial_release_date: "2015-11-20T09:21:30Z", revision_history: [ { date: "2015-11-20T09:21:30Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ntp-4.2.8p4-5.1.i586", product: { name: "ntp-4.2.8p4-5.1.i586", product_id: "ntp-4.2.8p4-5.1.i586", }, }, { category: "product_version", name: "ntp-doc-4.2.8p4-5.1.i586", product: { name: "ntp-doc-4.2.8p4-5.1.i586", product_id: "ntp-doc-4.2.8p4-5.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "ntp-4.2.8p4-5.1.ia64", product: { name: "ntp-4.2.8p4-5.1.ia64", product_id: "ntp-4.2.8p4-5.1.ia64", }, }, { category: "product_version", name: "ntp-doc-4.2.8p4-5.1.ia64", product: { name: "ntp-doc-4.2.8p4-5.1.ia64", product_id: "ntp-doc-4.2.8p4-5.1.ia64", }, }, ], category: "architecture", name: "ia64", }, { branches: [ { category: "product_version", name: "ntp-4.2.8p4-5.1.ppc64", product: { name: "ntp-4.2.8p4-5.1.ppc64", product_id: "ntp-4.2.8p4-5.1.ppc64", }, }, { category: "product_version", name: "ntp-doc-4.2.8p4-5.1.ppc64", product: { name: "ntp-doc-4.2.8p4-5.1.ppc64", product_id: "ntp-doc-4.2.8p4-5.1.ppc64", }, }, ], category: "architecture", name: "ppc64", }, { branches: [ { category: "product_version", name: "ntp-4.2.8p4-5.1.s390x", product: { name: "ntp-4.2.8p4-5.1.s390x", product_id: "ntp-4.2.8p4-5.1.s390x", }, }, { category: "product_version", name: "ntp-doc-4.2.8p4-5.1.s390x", product: { name: "ntp-doc-4.2.8p4-5.1.s390x", product_id: "ntp-doc-4.2.8p4-5.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "ntp-4.2.8p4-5.1.x86_64", product: { name: "ntp-4.2.8p4-5.1.x86_64", product_id: "ntp-4.2.8p4-5.1.x86_64", }, }, { category: "product_version", name: "ntp-doc-4.2.8p4-5.1.x86_64", product: { name: "ntp-doc-4.2.8p4-5.1.x86_64", product_id: "ntp-doc-4.2.8p4-5.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Desktop 11 SP4", product: { name: "SUSE Linux Enterprise Desktop 11 SP4", product_id: "SUSE Linux Enterprise Desktop 11 SP4", product_identification_helper: { cpe: "cpe:/o:suse:suse_sled:11:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 11 SP4", product: { name: "SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4", product_identification_helper: { cpe: "cpe:/o:suse:suse_sles:11:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", product: { name: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:11:sp4", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p4-5.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP4", product_id: "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", }, product_reference: "ntp-4.2.8p4-5.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Desktop 11 SP4", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p4-5.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP4", product_id: "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", }, product_reference: "ntp-4.2.8p4-5.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 11 SP4", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p4-5.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP4", product_id: "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", }, product_reference: "ntp-doc-4.2.8p4-5.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Desktop 11 SP4", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p4-5.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP4", product_id: "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", }, product_reference: "ntp-doc-4.2.8p4-5.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Desktop 11 SP4", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p4-5.1.i586 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", }, product_reference: "ntp-4.2.8p4-5.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p4-5.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", }, product_reference: "ntp-4.2.8p4-5.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p4-5.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", }, product_reference: "ntp-4.2.8p4-5.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p4-5.1.s390x as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", }, product_reference: "ntp-4.2.8p4-5.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p4-5.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", }, product_reference: "ntp-4.2.8p4-5.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p4-5.1.i586 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", }, product_reference: "ntp-doc-4.2.8p4-5.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p4-5.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", }, product_reference: "ntp-doc-4.2.8p4-5.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p4-5.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", }, product_reference: "ntp-doc-4.2.8p4-5.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p4-5.1.s390x as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", }, product_reference: "ntp-doc-4.2.8p4-5.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p4-5.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", }, product_reference: "ntp-doc-4.2.8p4-5.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p4-5.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", }, product_reference: "ntp-4.2.8p4-5.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p4-5.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", }, product_reference: "ntp-4.2.8p4-5.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p4-5.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", }, product_reference: "ntp-4.2.8p4-5.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p4-5.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", }, product_reference: "ntp-4.2.8p4-5.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p4-5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", }, product_reference: "ntp-4.2.8p4-5.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p4-5.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", }, product_reference: "ntp-doc-4.2.8p4-5.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p4-5.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", }, product_reference: "ntp-doc-4.2.8p4-5.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p4-5.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", }, product_reference: "ntp-doc-4.2.8p4-5.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p4-5.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", }, product_reference: "ntp-doc-4.2.8p4-5.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p4-5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", }, product_reference: "ntp-doc-4.2.8p4-5.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, ], }, vulnerabilities: [ { cve: "CVE-2015-7691", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7691", }, ], notes: [ { category: "general", text: "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7691", url: "https://www.suse.com/security/cve/CVE-2015-7691", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7691", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 911792 for CVE-2015-7691", url: "https://bugzilla.suse.com/911792", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7691", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7691", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7691", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2015-11-20T09:21:30Z", details: "important", }, ], title: "CVE-2015-7691", }, { cve: "CVE-2015-7692", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7692", }, ], notes: [ { category: "general", text: "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7692", url: "https://www.suse.com/security/cve/CVE-2015-7692", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7692", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 911792 for CVE-2015-7692", url: "https://bugzilla.suse.com/911792", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7692", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7692", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7692", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2015-11-20T09:21:30Z", details: "important", }, ], title: "CVE-2015-7692", }, { cve: "CVE-2015-7701", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7701", }, ], notes: [ { category: "general", text: "Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7701", url: "https://www.suse.com/security/cve/CVE-2015-7701", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7701", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7701", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7701", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7701", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2015-11-20T09:21:30Z", details: "important", }, ], title: "CVE-2015-7701", }, { cve: "CVE-2015-7702", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7702", }, ], notes: [ { category: "general", text: "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7702", url: "https://www.suse.com/security/cve/CVE-2015-7702", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7702", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 911792 for CVE-2015-7702", url: "https://bugzilla.suse.com/911792", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7702", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7702", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7702", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2015-11-20T09:21:30Z", details: "important", }, ], title: "CVE-2015-7702", }, { cve: "CVE-2015-7703", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7703", }, ], notes: [ { category: "general", text: "The \"pidfile\" or \"driftfile\" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7703", url: "https://www.suse.com/security/cve/CVE-2015-7703", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7703", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 943216 for CVE-2015-7703", url: "https://bugzilla.suse.com/943216", }, { category: "external", summary: "SUSE Bug 943218 for CVE-2015-7703", url: "https://bugzilla.suse.com/943218", }, { category: "external", summary: "SUSE Bug 943219 for CVE-2015-7703", url: "https://bugzilla.suse.com/943219", }, { category: "external", summary: "SUSE Bug 943221 for CVE-2015-7703", url: "https://bugzilla.suse.com/943221", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7703", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7703", url: "https://bugzilla.suse.com/959243", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2015-11-20T09:21:30Z", details: "moderate", }, ], title: "CVE-2015-7703", }, { cve: "CVE-2015-7704", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7704", }, ], notes: [ { category: "general", text: "The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted \"KOD\" messages.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7704", url: "https://www.suse.com/security/cve/CVE-2015-7704", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7704", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7704", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 952611 for CVE-2015-7704", url: "https://bugzilla.suse.com/952611", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7704", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 977446 for CVE-2015-7704", url: "https://bugzilla.suse.com/977446", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2015-11-20T09:21:30Z", details: "important", }, ], title: "CVE-2015-7704", }, { cve: "CVE-2015-7705", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7705", }, ], notes: [ { category: "general", text: "The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7705", url: "https://www.suse.com/security/cve/CVE-2015-7705", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7705", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7705", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 952611 for CVE-2015-7705", url: "https://bugzilla.suse.com/952611", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7705", url: "https://bugzilla.suse.com/959243", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2015-11-20T09:21:30Z", details: "critical", }, ], title: "CVE-2015-7705", }, { cve: "CVE-2015-7848", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7848", }, ], notes: [ { category: "general", text: "An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7848", url: "https://www.suse.com/security/cve/CVE-2015-7848", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7848", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7848", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7848", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7848", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2015-11-20T09:21:30Z", details: "moderate", }, ], title: "CVE-2015-7848", }, { cve: "CVE-2015-7849", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7849", }, ], notes: [ { category: "general", text: "Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7849", url: "https://www.suse.com/security/cve/CVE-2015-7849", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7849", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7849", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7849", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7849", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2015-11-20T09:21:30Z", details: "important", }, ], title: "CVE-2015-7849", }, { cve: "CVE-2015-7850", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7850", }, ], notes: [ { category: "general", text: "ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7850", url: "https://www.suse.com/security/cve/CVE-2015-7850", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7850", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7850", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7850", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7850", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2015-11-20T09:21:30Z", details: "moderate", }, ], title: "CVE-2015-7850", }, { cve: "CVE-2015-7851", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7851", }, ], notes: [ { category: "general", text: "Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7851", url: "https://www.suse.com/security/cve/CVE-2015-7851", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7851", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7851", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7851", url: "https://bugzilla.suse.com/959243", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2015-11-20T09:21:30Z", details: "moderate", }, ], title: "CVE-2015-7851", }, { cve: "CVE-2015-7852", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7852", }, ], notes: [ { category: "general", text: "ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7852", url: "https://www.suse.com/security/cve/CVE-2015-7852", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7852", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7852", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7852", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7852", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2015-11-20T09:21:30Z", details: "moderate", }, ], title: "CVE-2015-7852", }, { cve: "CVE-2015-7853", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7853", }, ], notes: [ { category: "general", text: "The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7853", url: "https://www.suse.com/security/cve/CVE-2015-7853", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7853", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7853", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7853", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7853", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2015-11-20T09:21:30Z", details: "critical", }, ], title: "CVE-2015-7853", }, { cve: "CVE-2015-7854", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7854", }, ], notes: [ { category: "general", text: "Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7854", url: "https://www.suse.com/security/cve/CVE-2015-7854", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7854", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7854", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7854", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7854", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2015-11-20T09:21:30Z", details: "important", }, ], title: "CVE-2015-7854", }, { cve: "CVE-2015-7855", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7855", }, ], notes: [ { category: "general", text: "The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7855", url: "https://www.suse.com/security/cve/CVE-2015-7855", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7855", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7855", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7855", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7855", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2015-11-20T09:21:30Z", details: "moderate", }, ], title: "CVE-2015-7855", }, { cve: "CVE-2015-7871", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7871", }, ], notes: [ { category: "general", text: "Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7871", url: "https://www.suse.com/security/cve/CVE-2015-7871", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7871", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7871", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 952606 for CVE-2015-7871", url: "https://bugzilla.suse.com/952606", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7871", url: "https://bugzilla.suse.com/959243", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Desktop 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-4.2.8p4-5.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:ntp-doc-4.2.8p4-5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2015-11-20T09:21:30Z", details: "critical", }, ], title: "CVE-2015-7871", }, ], }
suse-su-2016:1311-1
Vulnerability from csaf_suse
Published
2016-05-17 09:29
Modified
2016-05-17 09:29
Summary
Security update for ntp
Notes
Title of the patch
Security update for ntp
Description of the patch
This network time protocol server ntp was updated to 4.2.8p6 to fix the following
issues:
Also yast2-ntp-client was updated to match some sntp syntax changes. (bsc#937837)
Major functional changes:
- The 'sntp' commandline tool changed its option handling in a major way.
- 'controlkey 1' is added during update to ntp.conf to allow sntp to work.
- The local clock is being disabled during update.
- ntpd is no longer running chrooted.
Other functional changes:
- ntp-signd is installed.
- 'enable mode7' can be added to the configuration to allow ntdpc to work as compatibility mode option.
- 'kod' was removed from the default restrictions.
- SHA1 keys are used by default instead of MD5 keys.
These security issues were fixed:
- CVE-2015-5219: An endless loop due to incorrect precision to double conversion (bsc#943216).
- CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966).
- CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).
- CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode (bsc#962784).
- CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list (bsc#963000).
- CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).
- CVE-2015-7976: ntpq saveconfig command allows dangerous characters in filenames (bsc#962802).
- CVE-2015-7975: nextvar() missing length check (bsc#962988).
- CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between authenticated peers (bsc#962960).
- CVE-2015-7973: Replay attack on authenticated broadcast mode (bsc#962995).
- CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994).
- CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997).
- CVE-2015-5300: MITM attacker could have forced ntpd to make a step larger than the panic threshold (bsc#951629).
- CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK (bsc#951608).
- CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (bsc#951608).
- CVE-2015-7854: Password Length Memory Corruption Vulnerability (bsc#951608).
- CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow (bsc#951608).
- CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability (bsc#951608).
- CVE-2015-7851: saveconfig Directory Traversal Vulnerability (bsc#951608).
- CVE-2015-7850: remote config logfile-keyfile (bsc#951608).
- CVE-2015-7849: trusted key use-after-free (bsc#951608).
- CVE-2015-7848: mode 7 loop counter underrun (bsc#951608).
- CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#951608).
- CVE-2015-7703: configuration directives 'pidfile' and 'driftfile' should only be allowed locally (bsc#951608).
- CVE-2015-7704, CVE-2015-7705: Clients that receive a KoD should validate the origin timestamp field (bsc#951608).
- CVE-2015-7691, CVE-2015-7692, CVE-2015-7702: Incomplete autokey data packet length checks (bsc#951608).
These non-security issues were fixed:
- fate#320758 bsc#975981: Enable compile-time support for MS-SNTP (--enable-ntp-signd).
This replaces the w32 patches in 4.2.4 that added the authreg
directive.
- bsc#962318: Call /usr/sbin/sntp with full path to synchronize in start-ntpd.
When run as cron job, /usr/sbin/ is not in the path, which caused
the synchronization to fail.
- bsc#782060: Speedup ntpq.
- bsc#916617: Add /var/db/ntp-kod.
- bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen quite a lot on loaded systems.
- bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST.
- Add ntp-fork.patch and build with threads disabled to allow name resolution even when running chrooted.
- Add a controlkey line to /etc/ntp.conf if one does not already exist to allow runtime configuuration via ntpq.
- bsc#946386: Temporarily disable memlock to avoid problems due to high memory usage during name resolution.
- bsc#905885: Use SHA1 instead of MD5 for symmetric keys.
- Improve runtime configuration:
* Read keytype from ntp.conf
* Don't write ntp keys to syslog.
- Fix legacy action scripts to pass on command line arguments.
- bsc#944300: Remove 'kod' from the restrict line in ntp.conf.
- bsc#936327: Use ntpq instead of deprecated ntpdc in start-ntpd.
- Don't let 'keysdir' lines in ntp.conf trigger the 'keys' parser.
- Disable mode 7 (ntpdc) again, now that we don't use it anymore.
- Add 'addserver' as a new legacy action.
- bsc#910063: Fix the comment regarding addserver in ntp.conf.
- bsc#926510: Disable chroot by default.
- bsc#920238: Enable ntpdc for backwards compatibility.
- bsc#784760: Remove local clock from default configuration.
- bsc#942441/fate#319496: Require perl-Socket6.
- Improve runtime configuration:
* Read keytype from ntp.conf
* Don't write ntp keys to syslog.
- bsc#920183: Allow -4 and -6 address qualifiers in 'server' directives.
- Use upstream ntp-wait, because our version is incompatible with
the new ntpq command line syntax.
Patchnames
sleclo50sp3-ntp-12561,sleman21-ntp-12561,slemap21-ntp-12561,slessp2-ntp-12561,slessp3-ntp-12561
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for ntp", title: "Title of the patch", }, { category: "description", text: "\nThis network time protocol server ntp was updated to 4.2.8p6 to fix the following\nissues:\n\nAlso yast2-ntp-client was updated to match some sntp syntax changes. (bsc#937837)\n\nMajor functional changes:\n- The 'sntp' commandline tool changed its option handling in a major way.\n- 'controlkey 1' is added during update to ntp.conf to allow sntp to work.\n- The local clock is being disabled during update.\n- ntpd is no longer running chrooted.\n\n\nOther functional changes:\n- ntp-signd is installed.\n- 'enable mode7' can be added to the configuration to allow ntdpc to work as compatibility mode option.\n- 'kod' was removed from the default restrictions.\n- SHA1 keys are used by default instead of MD5 keys.\n\nThese security issues were fixed:\n- CVE-2015-5219: An endless loop due to incorrect precision to double conversion (bsc#943216).\n- CVE-2015-8158: Fixed potential infinite loop in ntpq (bsc#962966).\n- CVE-2015-8138: Zero Origin Timestamp Bypass (bsc#963002).\n- CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast mode (bsc#962784).\n- CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list (bsc#963000).\n- CVE-2015-7977: reslist NULL pointer dereference (bsc#962970).\n- CVE-2015-7976: ntpq saveconfig command allows dangerous characters in filenames (bsc#962802).\n- CVE-2015-7975: nextvar() missing length check (bsc#962988).\n- CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between authenticated peers (bsc#962960).\n- CVE-2015-7973: Replay attack on authenticated broadcast mode (bsc#962995).\n- CVE-2015-8140: ntpq vulnerable to replay attacks (bsc#962994).\n- CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin (bsc#962997).\n- CVE-2015-5300: MITM attacker could have forced ntpd to make a step larger than the panic threshold (bsc#951629).\n- CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK (bsc#951608).\n- CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values (bsc#951608).\n- CVE-2015-7854: Password Length Memory Corruption Vulnerability (bsc#951608).\n- CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow (bsc#951608).\n- CVE-2015-7852: ntpq atoascii() Memory Corruption Vulnerability (bsc#951608).\n- CVE-2015-7851: saveconfig Directory Traversal Vulnerability (bsc#951608).\n- CVE-2015-7850: remote config logfile-keyfile (bsc#951608).\n- CVE-2015-7849: trusted key use-after-free (bsc#951608).\n- CVE-2015-7848: mode 7 loop counter underrun (bsc#951608).\n- CVE-2015-7701: Slow memory leak in CRYPTO_ASSOC (bsc#951608).\n- CVE-2015-7703: configuration directives 'pidfile' and 'driftfile' should only be allowed locally (bsc#951608).\n- CVE-2015-7704, CVE-2015-7705: Clients that receive a KoD should validate the origin timestamp field (bsc#951608).\n- CVE-2015-7691, CVE-2015-7692, CVE-2015-7702: Incomplete autokey data packet length checks (bsc#951608).\n\nThese non-security issues were fixed:\n- fate#320758 bsc#975981: Enable compile-time support for MS-SNTP (--enable-ntp-signd).\n This replaces the w32 patches in 4.2.4 that added the authreg\n directive.\n- bsc#962318: Call /usr/sbin/sntp with full path to synchronize in start-ntpd.\n When run as cron job, /usr/sbin/ is not in the path, which caused\n the synchronization to fail.\n- bsc#782060: Speedup ntpq.\n- bsc#916617: Add /var/db/ntp-kod.\n- bsc#956773: Add ntp-ENOBUFS.patch to limit a warning that might happen quite a lot on loaded systems.\n- bsc#951559,bsc#975496: Fix the TZ offset output of sntp during DST.\n- Add ntp-fork.patch and build with threads disabled to allow name resolution even when running chrooted.\n- Add a controlkey line to /etc/ntp.conf if one does not already exist to allow runtime configuuration via ntpq.\n- bsc#946386: Temporarily disable memlock to avoid problems due to high memory usage during name resolution.\n- bsc#905885: Use SHA1 instead of MD5 for symmetric keys.\n- Improve runtime configuration:\n * Read keytype from ntp.conf\n * Don't write ntp keys to syslog.\n- Fix legacy action scripts to pass on command line arguments.\n- bsc#944300: Remove 'kod' from the restrict line in ntp.conf.\n- bsc#936327: Use ntpq instead of deprecated ntpdc in start-ntpd.\n- Don't let 'keysdir' lines in ntp.conf trigger the 'keys' parser.\n- Disable mode 7 (ntpdc) again, now that we don't use it anymore.\n- Add 'addserver' as a new legacy action.\n- bsc#910063: Fix the comment regarding addserver in ntp.conf.\n- bsc#926510: Disable chroot by default.\n- bsc#920238: Enable ntpdc for backwards compatibility.\n- bsc#784760: Remove local clock from default configuration.\n- bsc#942441/fate#319496: Require perl-Socket6.\n- Improve runtime configuration:\n * Read keytype from ntp.conf\n * Don't write ntp keys to syslog.\n- bsc#920183: Allow -4 and -6 address qualifiers in 'server' directives.\n- Use upstream ntp-wait, because our version is incompatible with\n the new ntpq command line syntax.\n", title: "Description of the patch", }, { category: "details", text: "sleclo50sp3-ntp-12561,sleman21-ntp-12561,slemap21-ntp-12561,slessp2-ntp-12561,slessp3-ntp-12561", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_1311-1.json", }, { category: "self", summary: "URL for SUSE-SU-2016:1311-1", url: "https://www.suse.com/support/update/announcement/2016/suse-su-20161311-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2016:1311-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2016-May/002064.html", }, { category: "self", summary: "SUSE Bug 782060", url: "https://bugzilla.suse.com/782060", }, { category: "self", summary: "SUSE Bug 784760", url: "https://bugzilla.suse.com/784760", }, { category: "self", summary: "SUSE Bug 905885", url: "https://bugzilla.suse.com/905885", }, { category: "self", summary: "SUSE Bug 910063", url: "https://bugzilla.suse.com/910063", }, { category: "self", summary: "SUSE Bug 916617", url: "https://bugzilla.suse.com/916617", }, { category: "self", summary: "SUSE Bug 920183", url: "https://bugzilla.suse.com/920183", }, { category: "self", summary: "SUSE Bug 920238", url: "https://bugzilla.suse.com/920238", }, { category: "self", summary: "SUSE Bug 926510", url: "https://bugzilla.suse.com/926510", }, { category: "self", summary: "SUSE Bug 936327", url: "https://bugzilla.suse.com/936327", }, { category: "self", summary: "SUSE Bug 937837", url: "https://bugzilla.suse.com/937837", }, { category: "self", summary: "SUSE Bug 942441", url: "https://bugzilla.suse.com/942441", }, { category: "self", summary: "SUSE Bug 942587", url: "https://bugzilla.suse.com/942587", }, { category: "self", summary: "SUSE Bug 943216", url: "https://bugzilla.suse.com/943216", }, { category: "self", summary: "SUSE Bug 943218", url: "https://bugzilla.suse.com/943218", }, { category: "self", summary: "SUSE Bug 944300", url: "https://bugzilla.suse.com/944300", }, { category: "self", summary: "SUSE Bug 946386", url: "https://bugzilla.suse.com/946386", }, { category: "self", summary: "SUSE Bug 951351", url: "https://bugzilla.suse.com/951351", }, { category: "self", summary: "SUSE Bug 951559", url: "https://bugzilla.suse.com/951559", }, { category: "self", summary: "SUSE Bug 951608", url: "https://bugzilla.suse.com/951608", }, { category: "self", summary: "SUSE Bug 951629", url: "https://bugzilla.suse.com/951629", }, { category: "self", summary: "SUSE Bug 954982", url: "https://bugzilla.suse.com/954982", }, { category: "self", summary: "SUSE Bug 956773", url: "https://bugzilla.suse.com/956773", }, { category: "self", summary: "SUSE Bug 962318", url: "https://bugzilla.suse.com/962318", }, { category: "self", summary: "SUSE Bug 962784", url: "https://bugzilla.suse.com/962784", }, { category: "self", summary: "SUSE Bug 962802", url: "https://bugzilla.suse.com/962802", }, { category: "self", summary: "SUSE Bug 962960", url: "https://bugzilla.suse.com/962960", }, { category: "self", summary: "SUSE Bug 962966", url: "https://bugzilla.suse.com/962966", }, { category: "self", summary: "SUSE Bug 962970", url: "https://bugzilla.suse.com/962970", }, { category: "self", summary: "SUSE Bug 962988", url: "https://bugzilla.suse.com/962988", }, { category: "self", summary: "SUSE Bug 962994", url: "https://bugzilla.suse.com/962994", }, { category: "self", summary: "SUSE Bug 962995", url: "https://bugzilla.suse.com/962995", }, { category: "self", summary: "SUSE Bug 962997", url: "https://bugzilla.suse.com/962997", }, { category: "self", summary: "SUSE Bug 963000", url: "https://bugzilla.suse.com/963000", }, { category: "self", summary: "SUSE Bug 963002", url: "https://bugzilla.suse.com/963002", }, { category: "self", summary: "SUSE Bug 975496", url: "https://bugzilla.suse.com/975496", }, { category: "self", summary: "SUSE Bug 975981", url: "https://bugzilla.suse.com/975981", }, { category: "self", summary: "SUSE CVE CVE-2015-5194 page", url: "https://www.suse.com/security/cve/CVE-2015-5194/", }, { category: "self", summary: "SUSE CVE CVE-2015-5219 page", url: "https://www.suse.com/security/cve/CVE-2015-5219/", }, { category: "self", summary: "SUSE CVE CVE-2015-5300 page", url: "https://www.suse.com/security/cve/CVE-2015-5300/", }, { category: "self", summary: "SUSE CVE CVE-2015-7691 page", url: "https://www.suse.com/security/cve/CVE-2015-7691/", }, { category: "self", summary: "SUSE CVE CVE-2015-7692 page", url: "https://www.suse.com/security/cve/CVE-2015-7692/", }, { category: "self", summary: "SUSE CVE CVE-2015-7701 page", url: "https://www.suse.com/security/cve/CVE-2015-7701/", }, { category: "self", summary: "SUSE CVE CVE-2015-7702 page", url: "https://www.suse.com/security/cve/CVE-2015-7702/", }, { category: "self", summary: "SUSE CVE CVE-2015-7703 page", url: "https://www.suse.com/security/cve/CVE-2015-7703/", }, { category: "self", summary: "SUSE CVE CVE-2015-7704 page", url: "https://www.suse.com/security/cve/CVE-2015-7704/", }, { category: "self", summary: "SUSE CVE CVE-2015-7705 page", url: "https://www.suse.com/security/cve/CVE-2015-7705/", }, { category: "self", summary: "SUSE CVE CVE-2015-7848 page", url: "https://www.suse.com/security/cve/CVE-2015-7848/", }, { category: "self", summary: "SUSE CVE CVE-2015-7849 page", url: "https://www.suse.com/security/cve/CVE-2015-7849/", }, { category: "self", summary: "SUSE CVE CVE-2015-7850 page", url: "https://www.suse.com/security/cve/CVE-2015-7850/", }, { category: "self", summary: "SUSE CVE CVE-2015-7851 page", url: "https://www.suse.com/security/cve/CVE-2015-7851/", }, { category: "self", summary: "SUSE CVE CVE-2015-7852 page", url: "https://www.suse.com/security/cve/CVE-2015-7852/", }, { category: "self", summary: "SUSE CVE CVE-2015-7853 page", url: "https://www.suse.com/security/cve/CVE-2015-7853/", }, { category: "self", summary: "SUSE CVE CVE-2015-7854 page", url: "https://www.suse.com/security/cve/CVE-2015-7854/", }, { category: "self", summary: "SUSE CVE CVE-2015-7855 page", url: "https://www.suse.com/security/cve/CVE-2015-7855/", }, { category: "self", summary: "SUSE CVE CVE-2015-7871 page", url: "https://www.suse.com/security/cve/CVE-2015-7871/", }, { category: "self", summary: "SUSE CVE CVE-2015-7973 page", url: "https://www.suse.com/security/cve/CVE-2015-7973/", }, { category: "self", summary: "SUSE CVE CVE-2015-7974 page", url: "https://www.suse.com/security/cve/CVE-2015-7974/", }, { category: "self", summary: "SUSE CVE CVE-2015-7975 page", url: "https://www.suse.com/security/cve/CVE-2015-7975/", }, { category: "self", summary: "SUSE CVE CVE-2015-7976 page", url: "https://www.suse.com/security/cve/CVE-2015-7976/", }, { category: "self", summary: "SUSE CVE CVE-2015-7977 page", url: "https://www.suse.com/security/cve/CVE-2015-7977/", }, { category: "self", summary: "SUSE CVE CVE-2015-7978 page", url: "https://www.suse.com/security/cve/CVE-2015-7978/", }, { category: "self", summary: "SUSE CVE CVE-2015-7979 page", url: "https://www.suse.com/security/cve/CVE-2015-7979/", }, { category: "self", summary: "SUSE CVE CVE-2015-8138 page", url: "https://www.suse.com/security/cve/CVE-2015-8138/", }, { category: "self", summary: "SUSE CVE CVE-2015-8139 page", url: "https://www.suse.com/security/cve/CVE-2015-8139/", }, { category: "self", summary: "SUSE CVE CVE-2015-8140 page", url: "https://www.suse.com/security/cve/CVE-2015-8140/", }, { category: "self", summary: "SUSE CVE CVE-2015-8158 page", url: "https://www.suse.com/security/cve/CVE-2015-8158/", }, ], title: "Security update for ntp", tracking: { current_release_date: "2016-05-17T09:29:35Z", generator: { date: "2016-05-17T09:29:35Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2016:1311-1", initial_release_date: "2016-05-17T09:29:35Z", revision_history: [ { date: "2016-05-17T09:29:35Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ntp-4.2.8p6-41.1.i586", product: { name: "ntp-4.2.8p6-41.1.i586", product_id: "ntp-4.2.8p6-41.1.i586", }, }, { category: "product_version", name: "ntp-doc-4.2.8p6-41.1.i586", product: { name: "ntp-doc-4.2.8p6-41.1.i586", product_id: "ntp-doc-4.2.8p6-41.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "yast2-ntp-client-2.17.14.1-1.12.1.noarch", product: { name: "yast2-ntp-client-2.17.14.1-1.12.1.noarch", product_id: "yast2-ntp-client-2.17.14.1-1.12.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "ntp-4.2.8p6-41.1.s390x", product: { name: "ntp-4.2.8p6-41.1.s390x", product_id: "ntp-4.2.8p6-41.1.s390x", }, }, { category: "product_version", name: "ntp-doc-4.2.8p6-41.1.s390x", product: { name: "ntp-doc-4.2.8p6-41.1.s390x", product_id: "ntp-doc-4.2.8p6-41.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "ntp-4.2.8p6-41.1.x86_64", product: { name: "ntp-4.2.8p6-41.1.x86_64", product_id: "ntp-4.2.8p6-41.1.x86_64", }, }, { category: "product_version", name: "ntp-doc-4.2.8p6-41.1.x86_64", product: { name: "ntp-doc-4.2.8p6-41.1.x86_64", product_id: "ntp-doc-4.2.8p6-41.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE OpenStack Cloud 5", product: { name: "SUSE OpenStack Cloud 5", product_id: "SUSE OpenStack Cloud 5", product_identification_helper: { cpe: "cpe:/o:suse:cloud:5", }, }, }, { category: "product_name", name: "SUSE Manager 2.1", product: { name: "SUSE Manager 2.1", product_id: "SUSE Manager 2.1", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-server:2.1", }, }, }, { category: "product_name", name: "SUSE Manager Proxy 2.1", product: { name: "SUSE Manager Proxy 2.1", product_id: "SUSE Manager Proxy 2.1", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-proxy:2.1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 11 SP2-LTSS", product: { name: "SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:suse_sles_ltss:11:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 11 SP3-LTSS", product: { name: "SUSE Linux Enterprise Server 11 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP3-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:suse_sles_ltss:11:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 11 SP3-TERADATA", product: { name: "SUSE Linux Enterprise Server 11 SP3-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP3-TERADATA", product_identification_helper: { cpe: "cpe:/o:suse:sles:11:sp3:teradata", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p6-41.1.x86_64 as component of SUSE OpenStack Cloud 5", product_id: "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", }, product_reference: "ntp-4.2.8p6-41.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 5", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p6-41.1.x86_64 as component of SUSE OpenStack Cloud 5", product_id: "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", }, product_reference: "ntp-doc-4.2.8p6-41.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 5", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p6-41.1.s390x as component of SUSE Manager 2.1", product_id: "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", }, product_reference: "ntp-4.2.8p6-41.1.s390x", relates_to_product_reference: "SUSE Manager 2.1", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p6-41.1.x86_64 as component of SUSE Manager 2.1", product_id: "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", }, product_reference: "ntp-4.2.8p6-41.1.x86_64", relates_to_product_reference: "SUSE Manager 2.1", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p6-41.1.s390x as component of SUSE Manager 2.1", product_id: "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", }, product_reference: "ntp-doc-4.2.8p6-41.1.s390x", relates_to_product_reference: "SUSE Manager 2.1", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p6-41.1.x86_64 as component of SUSE Manager 2.1", product_id: "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", }, product_reference: "ntp-doc-4.2.8p6-41.1.x86_64", relates_to_product_reference: "SUSE Manager 2.1", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p6-41.1.x86_64 as component of SUSE Manager Proxy 2.1", product_id: "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", }, product_reference: "ntp-4.2.8p6-41.1.x86_64", relates_to_product_reference: "SUSE Manager Proxy 2.1", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p6-41.1.x86_64 as component of SUSE Manager Proxy 2.1", product_id: "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", }, product_reference: "ntp-doc-4.2.8p6-41.1.x86_64", relates_to_product_reference: "SUSE Manager Proxy 2.1", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p6-41.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", }, product_reference: "ntp-4.2.8p6-41.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p6-41.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", }, product_reference: "ntp-4.2.8p6-41.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p6-41.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", }, product_reference: "ntp-4.2.8p6-41.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p6-41.1.i586 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", }, product_reference: "ntp-doc-4.2.8p6-41.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p6-41.1.s390x as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", }, product_reference: "ntp-doc-4.2.8p6-41.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p6-41.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", }, product_reference: "ntp-doc-4.2.8p6-41.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "yast2-ntp-client-2.17.14.1-1.12.1.noarch as component of SUSE Linux Enterprise Server 11 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", }, product_reference: "yast2-ntp-client-2.17.14.1-1.12.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p6-41.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", }, product_reference: "ntp-4.2.8p6-41.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p6-41.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", }, product_reference: "ntp-4.2.8p6-41.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p6-41.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", }, product_reference: "ntp-4.2.8p6-41.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p6-41.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", }, product_reference: "ntp-doc-4.2.8p6-41.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p6-41.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", }, product_reference: "ntp-doc-4.2.8p6-41.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p6-41.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", }, product_reference: "ntp-doc-4.2.8p6-41.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p6-41.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", }, product_reference: "ntp-4.2.8p6-41.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-TERADATA", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p6-41.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", }, product_reference: "ntp-4.2.8p6-41.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-TERADATA", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p6-41.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", }, product_reference: "ntp-4.2.8p6-41.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-TERADATA", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p6-41.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", }, product_reference: "ntp-doc-4.2.8p6-41.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-TERADATA", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p6-41.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", }, product_reference: "ntp-doc-4.2.8p6-41.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-TERADATA", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p6-41.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA", product_id: "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", }, product_reference: "ntp-doc-4.2.8p6-41.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP3-TERADATA", }, ], }, vulnerabilities: [ { cve: "CVE-2015-5194", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-5194", }, ], notes: [ { category: "general", text: "The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-5194", url: "https://www.suse.com/security/cve/CVE-2015-5194", }, { category: "external", summary: "SUSE Bug 943216 for CVE-2015-5194", url: "https://bugzilla.suse.com/943216", }, { category: "external", summary: "SUSE Bug 943218 for CVE-2015-5194", url: "https://bugzilla.suse.com/943218", }, { category: "external", summary: "SUSE Bug 943219 for CVE-2015-5194", url: "https://bugzilla.suse.com/943219", }, { category: "external", summary: "SUSE Bug 943221 for CVE-2015-5194", url: "https://bugzilla.suse.com/943221", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-5194", url: "https://bugzilla.suse.com/959243", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-05-17T09:29:35Z", details: "low", }, ], title: "CVE-2015-5194", }, { cve: "CVE-2015-5219", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-5219", }, ], notes: [ { category: "general", text: "The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-5219", url: "https://www.suse.com/security/cve/CVE-2015-5219", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-5219", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 943216 for CVE-2015-5219", url: "https://bugzilla.suse.com/943216", }, { category: "external", summary: "SUSE Bug 943218 for CVE-2015-5219", url: "https://bugzilla.suse.com/943218", }, { category: "external", summary: "SUSE Bug 943219 for CVE-2015-5219", url: "https://bugzilla.suse.com/943219", }, { category: "external", summary: "SUSE Bug 943221 for CVE-2015-5219", url: "https://bugzilla.suse.com/943221", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-5219", url: "https://bugzilla.suse.com/959243", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-05-17T09:29:35Z", details: "important", }, ], title: "CVE-2015-5219", }, { cve: "CVE-2015-5300", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-5300", }, ], notes: [ { category: "general", text: "The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-5300", url: "https://www.suse.com/security/cve/CVE-2015-5300", }, { category: "external", summary: "SUSE Bug 951629 for CVE-2015-5300", url: "https://bugzilla.suse.com/951629", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-5300", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 962624 for CVE-2015-5300", url: "https://bugzilla.suse.com/962624", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-05-17T09:29:35Z", details: "moderate", }, ], title: "CVE-2015-5300", }, { cve: "CVE-2015-7691", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7691", }, ], notes: [ { category: "general", text: "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7691", url: "https://www.suse.com/security/cve/CVE-2015-7691", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7691", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 911792 for CVE-2015-7691", url: "https://bugzilla.suse.com/911792", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7691", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7691", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7691", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-05-17T09:29:35Z", details: "important", }, ], title: "CVE-2015-7691", }, { cve: "CVE-2015-7692", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7692", }, ], notes: [ { category: "general", text: "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7692", url: "https://www.suse.com/security/cve/CVE-2015-7692", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7692", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 911792 for CVE-2015-7692", url: "https://bugzilla.suse.com/911792", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7692", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7692", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7692", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-05-17T09:29:35Z", details: "important", }, ], title: "CVE-2015-7692", }, { cve: "CVE-2015-7701", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7701", }, ], notes: [ { category: "general", text: "Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7701", url: "https://www.suse.com/security/cve/CVE-2015-7701", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7701", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7701", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7701", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7701", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-05-17T09:29:35Z", details: "important", }, ], title: "CVE-2015-7701", }, { cve: "CVE-2015-7702", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7702", }, ], notes: [ { category: "general", text: "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7702", url: "https://www.suse.com/security/cve/CVE-2015-7702", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7702", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 911792 for CVE-2015-7702", url: "https://bugzilla.suse.com/911792", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7702", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7702", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7702", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-05-17T09:29:35Z", details: "important", }, ], title: "CVE-2015-7702", }, { cve: "CVE-2015-7703", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7703", }, ], notes: [ { category: "general", text: "The \"pidfile\" or \"driftfile\" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7703", url: "https://www.suse.com/security/cve/CVE-2015-7703", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7703", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 943216 for CVE-2015-7703", url: "https://bugzilla.suse.com/943216", }, { category: "external", summary: "SUSE Bug 943218 for CVE-2015-7703", url: "https://bugzilla.suse.com/943218", }, { category: "external", summary: "SUSE Bug 943219 for CVE-2015-7703", url: "https://bugzilla.suse.com/943219", }, { category: "external", summary: "SUSE Bug 943221 for CVE-2015-7703", url: "https://bugzilla.suse.com/943221", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7703", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7703", url: "https://bugzilla.suse.com/959243", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-05-17T09:29:35Z", details: "moderate", }, ], title: "CVE-2015-7703", }, { cve: "CVE-2015-7704", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7704", }, ], notes: [ { category: "general", text: "The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted \"KOD\" messages.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7704", url: "https://www.suse.com/security/cve/CVE-2015-7704", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7704", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7704", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 952611 for CVE-2015-7704", url: "https://bugzilla.suse.com/952611", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7704", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 977446 for CVE-2015-7704", url: "https://bugzilla.suse.com/977446", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-05-17T09:29:35Z", details: "important", }, ], title: "CVE-2015-7704", }, { cve: "CVE-2015-7705", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7705", }, ], notes: [ { category: "general", text: "The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7705", url: "https://www.suse.com/security/cve/CVE-2015-7705", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7705", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7705", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 952611 for CVE-2015-7705", url: "https://bugzilla.suse.com/952611", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7705", url: "https://bugzilla.suse.com/959243", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-05-17T09:29:35Z", details: "critical", }, ], title: "CVE-2015-7705", }, { cve: "CVE-2015-7848", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7848", }, ], notes: [ { category: "general", text: "An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7848", url: "https://www.suse.com/security/cve/CVE-2015-7848", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7848", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7848", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7848", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7848", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-05-17T09:29:35Z", details: "moderate", }, ], title: "CVE-2015-7848", }, { cve: "CVE-2015-7849", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7849", }, ], notes: [ { category: "general", text: "Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7849", url: "https://www.suse.com/security/cve/CVE-2015-7849", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7849", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7849", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7849", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7849", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-05-17T09:29:35Z", details: "important", }, ], title: "CVE-2015-7849", }, { cve: "CVE-2015-7850", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7850", }, ], notes: [ { category: "general", text: "ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7850", url: "https://www.suse.com/security/cve/CVE-2015-7850", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7850", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7850", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7850", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7850", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-05-17T09:29:35Z", details: "moderate", }, ], title: "CVE-2015-7850", }, { cve: "CVE-2015-7851", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7851", }, ], notes: [ { category: "general", text: "Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7851", url: "https://www.suse.com/security/cve/CVE-2015-7851", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7851", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7851", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7851", url: "https://bugzilla.suse.com/959243", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-05-17T09:29:35Z", details: "moderate", }, ], title: "CVE-2015-7851", }, { cve: "CVE-2015-7852", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7852", }, ], notes: [ { category: "general", text: "ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7852", url: "https://www.suse.com/security/cve/CVE-2015-7852", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7852", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7852", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7852", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7852", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-05-17T09:29:35Z", details: "moderate", }, ], title: "CVE-2015-7852", }, { cve: "CVE-2015-7853", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7853", }, ], notes: [ { category: "general", text: "The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7853", url: "https://www.suse.com/security/cve/CVE-2015-7853", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7853", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7853", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7853", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7853", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-05-17T09:29:35Z", details: "critical", }, ], title: "CVE-2015-7853", }, { cve: "CVE-2015-7854", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7854", }, ], notes: [ { category: "general", text: "Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7854", url: "https://www.suse.com/security/cve/CVE-2015-7854", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7854", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7854", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7854", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7854", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-05-17T09:29:35Z", details: "important", }, ], title: "CVE-2015-7854", }, { cve: "CVE-2015-7855", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7855", }, ], notes: [ { category: "general", text: "The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7855", url: "https://www.suse.com/security/cve/CVE-2015-7855", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7855", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7855", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7855", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7855", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-05-17T09:29:35Z", details: "moderate", }, ], title: "CVE-2015-7855", }, { cve: "CVE-2015-7871", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7871", }, ], notes: [ { category: "general", text: "Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7871", url: "https://www.suse.com/security/cve/CVE-2015-7871", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7871", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7871", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 952606 for CVE-2015-7871", url: "https://bugzilla.suse.com/952606", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7871", url: "https://bugzilla.suse.com/959243", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-05-17T09:29:35Z", details: "critical", }, ], title: "CVE-2015-7871", }, { cve: "CVE-2015-7973", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7973", }, ], notes: [ { category: "general", text: "NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7973", url: "https://www.suse.com/security/cve/CVE-2015-7973", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7973", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 962995 for CVE-2015-7973", url: "https://bugzilla.suse.com/962995", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-05-17T09:29:35Z", details: "moderate", }, ], title: "CVE-2015-7973", }, { cve: "CVE-2015-7974", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7974", }, ], notes: [ { category: "general", text: "NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a \"skeleton key.\"", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7974", url: "https://www.suse.com/security/cve/CVE-2015-7974", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7974", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 962960 for CVE-2015-7974", url: "https://bugzilla.suse.com/962960", }, { category: "external", summary: "SUSE Bug 962995 for CVE-2015-7974", url: "https://bugzilla.suse.com/962995", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-05-17T09:29:35Z", details: "low", }, ], title: "CVE-2015-7974", }, { cve: "CVE-2015-7975", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7975", }, ], notes: [ { category: "general", text: "The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7975", url: "https://www.suse.com/security/cve/CVE-2015-7975", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7975", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 962988 for CVE-2015-7975", url: "https://bugzilla.suse.com/962988", }, { category: "external", summary: "SUSE Bug 962995 for CVE-2015-7975", url: "https://bugzilla.suse.com/962995", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-05-17T09:29:35Z", details: "low", }, ], title: "CVE-2015-7975", }, { cve: "CVE-2015-7976", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7976", }, ], notes: [ { category: "general", text: "The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7976", url: "https://www.suse.com/security/cve/CVE-2015-7976", }, { category: "external", summary: "SUSE Bug 962802 for CVE-2015-7976", url: "https://bugzilla.suse.com/962802", }, { category: "external", summary: "SUSE Bug 962995 for CVE-2015-7976", url: "https://bugzilla.suse.com/962995", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-05-17T09:29:35Z", details: "low", }, ], title: "CVE-2015-7976", }, { cve: "CVE-2015-7977", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7977", }, ], notes: [ { category: "general", text: "ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7977", url: "https://www.suse.com/security/cve/CVE-2015-7977", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7977", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 962970 for CVE-2015-7977", url: "https://bugzilla.suse.com/962970", }, { category: "external", summary: "SUSE Bug 962995 for CVE-2015-7977", url: "https://bugzilla.suse.com/962995", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-05-17T09:29:35Z", details: "moderate", }, ], title: "CVE-2015-7977", }, { cve: "CVE-2015-7978", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7978", }, ], notes: [ { category: "general", text: "NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7978", url: "https://www.suse.com/security/cve/CVE-2015-7978", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7978", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 962970 for CVE-2015-7978", url: "https://bugzilla.suse.com/962970", }, { category: "external", summary: "SUSE Bug 962995 for CVE-2015-7978", url: "https://bugzilla.suse.com/962995", }, { category: "external", summary: "SUSE Bug 963000 for CVE-2015-7978", url: "https://bugzilla.suse.com/963000", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-05-17T09:29:35Z", details: "moderate", }, ], title: "CVE-2015-7978", }, { cve: "CVE-2015-7979", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7979", }, ], notes: [ { category: "general", text: "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7979", url: "https://www.suse.com/security/cve/CVE-2015-7979", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7979", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 962784 for CVE-2015-7979", url: "https://bugzilla.suse.com/962784", }, { category: "external", summary: "SUSE Bug 962995 for CVE-2015-7979", url: "https://bugzilla.suse.com/962995", }, { category: "external", summary: "SUSE Bug 977459 for CVE-2015-7979", url: "https://bugzilla.suse.com/977459", }, { category: "external", summary: "SUSE Bug 982065 for CVE-2015-7979", url: "https://bugzilla.suse.com/982065", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-05-17T09:29:35Z", details: "moderate", }, ], title: "CVE-2015-7979", }, { cve: "CVE-2015-8138", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8138", }, ], notes: [ { category: "general", text: "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8138", url: "https://www.suse.com/security/cve/CVE-2015-8138", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-8138", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-8138", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 963002 for CVE-2015-8138", url: "https://bugzilla.suse.com/963002", }, { category: "external", summary: "SUSE Bug 974668 for CVE-2015-8138", url: "https://bugzilla.suse.com/974668", }, { category: "external", summary: "SUSE Bug 977446 for CVE-2015-8138", url: "https://bugzilla.suse.com/977446", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-05-17T09:29:35Z", details: "moderate", }, ], title: "CVE-2015-8138", }, { cve: "CVE-2015-8139", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8139", }, ], notes: [ { category: "general", text: "ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8139", url: "https://www.suse.com/security/cve/CVE-2015-8139", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-8139", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-8139", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 962997 for CVE-2015-8139", url: "https://bugzilla.suse.com/962997", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-05-17T09:29:35Z", details: "moderate", }, ], title: "CVE-2015-8139", }, { cve: "CVE-2015-8140", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8140", }, ], notes: [ { category: "general", text: "The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8140", url: "https://www.suse.com/security/cve/CVE-2015-8140", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-8140", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-8140", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 962994 for CVE-2015-8140", url: "https://bugzilla.suse.com/962994", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-05-17T09:29:35Z", details: "moderate", }, ], title: "CVE-2015-8140", }, { cve: "CVE-2015-8158", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8158", }, ], notes: [ { category: "general", text: "The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8158", url: "https://www.suse.com/security/cve/CVE-2015-8158", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-8158", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 962966 for CVE-2015-8158", url: "https://bugzilla.suse.com/962966", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP2-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP2-LTSS:yast2-ntp-client-2.17.14.1-1.12.1.noarch", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-LTSS:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-4.2.8p6-41.1.x86_64", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.i586", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Linux Enterprise Server 11 SP3-TERADATA:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.s390x", "SUSE Manager 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-4.2.8p6-41.1.x86_64", "SUSE Manager Proxy 2.1:ntp-doc-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-4.2.8p6-41.1.x86_64", "SUSE OpenStack Cloud 5:ntp-doc-4.2.8p6-41.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-05-17T09:29:35Z", details: "low", }, ], title: "CVE-2015-8158", }, ], }
ghsa-wmrv-mc39-vj78
Vulnerability from github
Published
2022-05-13 01:10
Modified
2025-04-20 03:42
Severity ?
Details
The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.
{ affected: [], aliases: [ "CVE-2015-7855", ], database_specific: { cwe_ids: [ "CWE-20", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2017-08-07T20:29:00Z", severity: "MODERATE", }, details: "The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.", id: "GHSA-wmrv-mc39-vj78", modified: "2025-04-20T03:42:20Z", published: "2022-05-13T01:10:46Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-7855", }, { type: "WEB", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1274264", }, { type: "WEB", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf", }, { type: "WEB", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839", }, { type: "WEB", url: "https://security.gentoo.org/glsa/201607-15", }, { type: "WEB", url: "https://security.netapp.com/advisory/ntap-20171004-0001", }, { type: "WEB", url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11", }, { type: "WEB", url: "https://www.exploit-db.com/exploits/40840", }, { type: "WEB", url: "http://support.ntp.org/bin/view/Main/NtpBug2922", }, { type: "WEB", url: "http://www.debian.org/security/2015/dsa-3388", }, { type: "WEB", url: "http://www.securityfocus.com/bid/77283", }, { type: "WEB", url: "http://www.securitytracker.com/id/1033951", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", type: "CVSS_V3", }, ], }
opensuse-su-2024:10181-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
ntp-4.2.8p9-1.1 on GA media
Notes
Title of the patch
ntp-4.2.8p9-1.1 on GA media
Description of the patch
These are all security issues fixed in the ntp-4.2.8p9-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10181
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "ntp-4.2.8p9-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the ntp-4.2.8p9-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-10181", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10181-1.json", }, { category: "self", summary: "SUSE CVE CVE-2009-0159 page", url: "https://www.suse.com/security/cve/CVE-2009-0159/", }, { category: "self", summary: "SUSE CVE CVE-2009-1252 page", url: "https://www.suse.com/security/cve/CVE-2009-1252/", }, { category: "self", summary: "SUSE CVE CVE-2013-5211 page", url: "https://www.suse.com/security/cve/CVE-2013-5211/", }, { category: "self", summary: "SUSE CVE CVE-2014-9293 page", url: "https://www.suse.com/security/cve/CVE-2014-9293/", }, { category: "self", summary: "SUSE CVE CVE-2014-9294 page", url: "https://www.suse.com/security/cve/CVE-2014-9294/", }, { category: "self", summary: "SUSE CVE CVE-2014-9295 page", url: "https://www.suse.com/security/cve/CVE-2014-9295/", }, { category: "self", summary: "SUSE CVE CVE-2014-9296 page", url: "https://www.suse.com/security/cve/CVE-2014-9296/", }, { category: "self", summary: "SUSE CVE CVE-2014-9297 page", url: "https://www.suse.com/security/cve/CVE-2014-9297/", }, { category: "self", summary: "SUSE CVE CVE-2014-9298 page", url: "https://www.suse.com/security/cve/CVE-2014-9298/", }, { category: "self", summary: "SUSE CVE CVE-2015-1798 page", url: "https://www.suse.com/security/cve/CVE-2015-1798/", }, { category: "self", summary: "SUSE CVE CVE-2015-1799 page", url: "https://www.suse.com/security/cve/CVE-2015-1799/", }, { category: "self", summary: "SUSE CVE CVE-2015-5300 page", url: "https://www.suse.com/security/cve/CVE-2015-5300/", }, { category: "self", summary: "SUSE CVE CVE-2015-7691 page", url: "https://www.suse.com/security/cve/CVE-2015-7691/", }, { category: "self", summary: "SUSE CVE CVE-2015-7692 page", url: "https://www.suse.com/security/cve/CVE-2015-7692/", }, { category: "self", summary: "SUSE CVE CVE-2015-7701 page", url: "https://www.suse.com/security/cve/CVE-2015-7701/", }, { category: "self", summary: "SUSE CVE CVE-2015-7702 page", url: "https://www.suse.com/security/cve/CVE-2015-7702/", }, { category: "self", summary: "SUSE CVE CVE-2015-7703 page", url: "https://www.suse.com/security/cve/CVE-2015-7703/", }, { category: "self", summary: "SUSE CVE CVE-2015-7704 page", url: "https://www.suse.com/security/cve/CVE-2015-7704/", }, { category: "self", summary: "SUSE CVE CVE-2015-7705 page", url: "https://www.suse.com/security/cve/CVE-2015-7705/", }, { category: "self", summary: "SUSE CVE CVE-2015-7848 page", url: "https://www.suse.com/security/cve/CVE-2015-7848/", }, { category: "self", summary: "SUSE CVE CVE-2015-7849 page", url: "https://www.suse.com/security/cve/CVE-2015-7849/", }, { category: "self", summary: "SUSE CVE CVE-2015-7850 page", url: "https://www.suse.com/security/cve/CVE-2015-7850/", }, { category: "self", summary: "SUSE CVE CVE-2015-7851 page", url: "https://www.suse.com/security/cve/CVE-2015-7851/", }, { category: "self", summary: "SUSE CVE CVE-2015-7852 page", url: "https://www.suse.com/security/cve/CVE-2015-7852/", }, { category: "self", summary: "SUSE CVE CVE-2015-7853 page", url: "https://www.suse.com/security/cve/CVE-2015-7853/", }, { category: "self", summary: "SUSE CVE CVE-2015-7854 page", url: "https://www.suse.com/security/cve/CVE-2015-7854/", }, { category: "self", summary: "SUSE CVE CVE-2015-7855 page", url: "https://www.suse.com/security/cve/CVE-2015-7855/", }, { category: "self", summary: "SUSE CVE CVE-2015-7871 page", url: "https://www.suse.com/security/cve/CVE-2015-7871/", }, { category: "self", summary: "SUSE CVE CVE-2015-7973 page", url: "https://www.suse.com/security/cve/CVE-2015-7973/", }, { category: "self", summary: "SUSE CVE CVE-2015-7974 page", url: "https://www.suse.com/security/cve/CVE-2015-7974/", }, { category: "self", summary: "SUSE CVE CVE-2015-7975 page", url: "https://www.suse.com/security/cve/CVE-2015-7975/", }, { category: "self", summary: "SUSE CVE CVE-2015-7976 page", url: "https://www.suse.com/security/cve/CVE-2015-7976/", }, { category: "self", summary: "SUSE CVE CVE-2015-7977 page", url: "https://www.suse.com/security/cve/CVE-2015-7977/", }, { category: "self", summary: "SUSE CVE CVE-2015-7978 page", url: "https://www.suse.com/security/cve/CVE-2015-7978/", }, { category: "self", summary: "SUSE CVE CVE-2015-7979 page", url: "https://www.suse.com/security/cve/CVE-2015-7979/", }, { category: "self", summary: "SUSE CVE CVE-2015-8138 page", url: "https://www.suse.com/security/cve/CVE-2015-8138/", }, { category: "self", summary: "SUSE CVE CVE-2015-8158 page", url: "https://www.suse.com/security/cve/CVE-2015-8158/", }, { category: "self", summary: "SUSE CVE CVE-2016-1547 page", url: "https://www.suse.com/security/cve/CVE-2016-1547/", }, { category: "self", summary: "SUSE CVE CVE-2016-1548 page", url: "https://www.suse.com/security/cve/CVE-2016-1548/", }, { category: "self", summary: "SUSE CVE CVE-2016-1549 page", url: "https://www.suse.com/security/cve/CVE-2016-1549/", }, { category: "self", summary: "SUSE CVE CVE-2016-1550 page", url: "https://www.suse.com/security/cve/CVE-2016-1550/", }, { category: "self", summary: "SUSE CVE CVE-2016-1551 page", url: "https://www.suse.com/security/cve/CVE-2016-1551/", }, { category: "self", summary: "SUSE CVE CVE-2016-2516 page", url: "https://www.suse.com/security/cve/CVE-2016-2516/", }, { category: "self", summary: "SUSE CVE CVE-2016-2517 page", url: "https://www.suse.com/security/cve/CVE-2016-2517/", }, { category: "self", summary: "SUSE CVE CVE-2016-2518 page", url: "https://www.suse.com/security/cve/CVE-2016-2518/", }, { category: "self", summary: "SUSE CVE CVE-2016-2519 page", url: "https://www.suse.com/security/cve/CVE-2016-2519/", }, { category: "self", summary: "SUSE CVE CVE-2016-4953 page", url: "https://www.suse.com/security/cve/CVE-2016-4953/", }, { category: "self", summary: "SUSE CVE CVE-2016-4954 page", url: "https://www.suse.com/security/cve/CVE-2016-4954/", }, { category: "self", summary: "SUSE CVE CVE-2016-4955 page", url: "https://www.suse.com/security/cve/CVE-2016-4955/", }, { category: "self", summary: "SUSE CVE CVE-2016-4956 page", url: "https://www.suse.com/security/cve/CVE-2016-4956/", }, { category: "self", summary: "SUSE CVE CVE-2016-4957 page", url: "https://www.suse.com/security/cve/CVE-2016-4957/", }, { category: "self", summary: "SUSE CVE CVE-2016-7426 page", url: "https://www.suse.com/security/cve/CVE-2016-7426/", }, { category: "self", summary: "SUSE CVE CVE-2016-7427 page", url: "https://www.suse.com/security/cve/CVE-2016-7427/", }, { category: "self", summary: "SUSE CVE CVE-2016-7428 page", url: "https://www.suse.com/security/cve/CVE-2016-7428/", }, { category: "self", summary: "SUSE CVE CVE-2016-7429 page", url: "https://www.suse.com/security/cve/CVE-2016-7429/", }, { category: "self", summary: "SUSE CVE CVE-2016-7431 page", url: "https://www.suse.com/security/cve/CVE-2016-7431/", }, { category: "self", summary: "SUSE CVE CVE-2016-7433 page", url: "https://www.suse.com/security/cve/CVE-2016-7433/", }, { category: "self", summary: "SUSE CVE CVE-2016-7434 page", url: "https://www.suse.com/security/cve/CVE-2016-7434/", }, { category: "self", summary: "SUSE CVE CVE-2016-9310 page", url: "https://www.suse.com/security/cve/CVE-2016-9310/", }, { category: "self", summary: "SUSE CVE CVE-2016-9311 page", url: "https://www.suse.com/security/cve/CVE-2016-9311/", }, ], title: "ntp-4.2.8p9-1.1 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:10181-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "ntp-4.2.8p9-1.1.aarch64", product: { name: "ntp-4.2.8p9-1.1.aarch64", product_id: "ntp-4.2.8p9-1.1.aarch64", }, }, { category: "product_version", name: "ntp-doc-4.2.8p9-1.1.aarch64", product: { name: "ntp-doc-4.2.8p9-1.1.aarch64", product_id: "ntp-doc-4.2.8p9-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "ntp-4.2.8p9-1.1.ppc64le", product: { name: "ntp-4.2.8p9-1.1.ppc64le", product_id: "ntp-4.2.8p9-1.1.ppc64le", }, }, { category: "product_version", name: "ntp-doc-4.2.8p9-1.1.ppc64le", product: { name: "ntp-doc-4.2.8p9-1.1.ppc64le", product_id: "ntp-doc-4.2.8p9-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "ntp-4.2.8p9-1.1.s390x", product: { name: "ntp-4.2.8p9-1.1.s390x", product_id: "ntp-4.2.8p9-1.1.s390x", }, }, { category: "product_version", name: "ntp-doc-4.2.8p9-1.1.s390x", product: { name: "ntp-doc-4.2.8p9-1.1.s390x", product_id: "ntp-doc-4.2.8p9-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "ntp-4.2.8p9-1.1.x86_64", product: { name: "ntp-4.2.8p9-1.1.x86_64", product_id: "ntp-4.2.8p9-1.1.x86_64", }, }, { category: "product_version", name: "ntp-doc-4.2.8p9-1.1.x86_64", product: { name: "ntp-doc-4.2.8p9-1.1.x86_64", product_id: "ntp-doc-4.2.8p9-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p9-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", }, product_reference: "ntp-4.2.8p9-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p9-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", }, product_reference: "ntp-4.2.8p9-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p9-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", }, product_reference: "ntp-4.2.8p9-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ntp-4.2.8p9-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", }, product_reference: "ntp-4.2.8p9-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p9-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", }, product_reference: "ntp-doc-4.2.8p9-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p9-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", }, product_reference: "ntp-doc-4.2.8p9-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p9-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", }, product_reference: "ntp-doc-4.2.8p9-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "ntp-doc-4.2.8p9-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", }, product_reference: "ntp-doc-4.2.8p9-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2009-0159", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-0159", }, ], notes: [ { category: "general", text: "Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-0159", url: "https://www.suse.com/security/cve/CVE-2009-0159", }, { category: "external", summary: "SUSE Bug 484653 for CVE-2009-0159", url: "https://bugzilla.suse.com/484653", }, { category: "external", summary: "SUSE Bug 501632 for CVE-2009-0159", url: "https://bugzilla.suse.com/501632", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2009-0159", }, { cve: "CVE-2009-1252", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-1252", }, ], notes: [ { category: "general", text: "Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-1252", url: "https://www.suse.com/security/cve/CVE-2009-1252", }, { category: "external", summary: "SUSE Bug 501632 for CVE-2009-1252", url: "https://bugzilla.suse.com/501632", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2009-1252", }, { cve: "CVE-2013-5211", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-5211", }, ], notes: [ { category: "general", text: "The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-5211", url: "https://www.suse.com/security/cve/CVE-2013-5211", }, { category: "external", summary: "SUSE Bug 857195 for CVE-2013-5211", url: "https://bugzilla.suse.com/857195", }, { category: "external", summary: "SUSE Bug 889447 for CVE-2013-5211", url: "https://bugzilla.suse.com/889447", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2013-5211", url: "https://bugzilla.suse.com/959243", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2013-5211", }, { cve: "CVE-2014-9293", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-9293", }, ], notes: [ { category: "general", text: "The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-9293", url: "https://www.suse.com/security/cve/CVE-2014-9293", }, { category: "external", summary: "SUSE Bug 910764 for CVE-2014-9293", url: "https://bugzilla.suse.com/910764", }, { category: "external", summary: "SUSE Bug 911053 for CVE-2014-9293", url: "https://bugzilla.suse.com/911053", }, { category: "external", summary: "SUSE Bug 911792 for CVE-2014-9293", url: "https://bugzilla.suse.com/911792", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2014-9293", url: "https://bugzilla.suse.com/959243", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2014-9293", }, { cve: "CVE-2014-9294", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-9294", }, ], notes: [ { category: "general", text: "util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-9294", url: "https://www.suse.com/security/cve/CVE-2014-9294", }, { category: "external", summary: "SUSE Bug 910764 for CVE-2014-9294", url: "https://bugzilla.suse.com/910764", }, { category: "external", summary: "SUSE Bug 911053 for CVE-2014-9294", url: "https://bugzilla.suse.com/911053", }, { category: "external", summary: "SUSE Bug 911792 for CVE-2014-9294", url: "https://bugzilla.suse.com/911792", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2014-9294", url: "https://bugzilla.suse.com/959243", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2014-9294", }, { cve: "CVE-2014-9295", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-9295", }, ], notes: [ { category: "general", text: "Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-9295", url: "https://www.suse.com/security/cve/CVE-2014-9295", }, { category: "external", summary: "SUSE Bug 910764 for CVE-2014-9295", url: "https://bugzilla.suse.com/910764", }, { category: "external", summary: "SUSE Bug 911053 for CVE-2014-9295", url: "https://bugzilla.suse.com/911053", }, { category: "external", summary: "SUSE Bug 911792 for CVE-2014-9295", url: "https://bugzilla.suse.com/911792", }, { category: "external", summary: "SUSE Bug 916239 for CVE-2014-9295", url: "https://bugzilla.suse.com/916239", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2014-9295", url: "https://bugzilla.suse.com/959243", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2014-9295", }, { cve: "CVE-2014-9296", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-9296", }, ], notes: [ { category: "general", text: "The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-9296", url: "https://www.suse.com/security/cve/CVE-2014-9296", }, { category: "external", summary: "SUSE Bug 910764 for CVE-2014-9296", url: "https://bugzilla.suse.com/910764", }, { category: "external", summary: "SUSE Bug 911053 for CVE-2014-9296", url: "https://bugzilla.suse.com/911053", }, { category: "external", summary: "SUSE Bug 911792 for CVE-2014-9296", url: "https://bugzilla.suse.com/911792", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2014-9296", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2014-9296", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2014-9296", }, { cve: "CVE-2014-9297", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-9297", }, ], notes: [ { category: "general", text: "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-9297", url: "https://www.suse.com/security/cve/CVE-2014-9297", }, { category: "external", summary: "SUSE Bug 911792 for CVE-2014-9297", url: "https://bugzilla.suse.com/911792", }, { category: "external", summary: "SUSE Bug 948963 for CVE-2014-9297", url: "https://bugzilla.suse.com/948963", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2014-9297", url: "https://bugzilla.suse.com/959243", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2014-9297", }, { cve: "CVE-2014-9298", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2014-9298", }, ], notes: [ { category: "general", text: "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2014-9298", url: "https://www.suse.com/security/cve/CVE-2014-9298", }, { category: "external", summary: "SUSE Bug 911792 for CVE-2014-9298", url: "https://bugzilla.suse.com/911792", }, { category: "external", summary: "SUSE Bug 948963 for CVE-2014-9298", url: "https://bugzilla.suse.com/948963", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2014-9298", url: "https://bugzilla.suse.com/959243", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2014-9298", }, { cve: "CVE-2015-1798", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-1798", }, ], notes: [ { category: "general", text: "The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-1798", url: "https://www.suse.com/security/cve/CVE-2015-1798", }, { category: "external", summary: "SUSE Bug 924202 for CVE-2015-1798", url: "https://bugzilla.suse.com/924202", }, { category: "external", summary: "SUSE Bug 927497 for CVE-2015-1798", url: "https://bugzilla.suse.com/927497", }, { category: "external", summary: "SUSE Bug 928321 for CVE-2015-1798", url: "https://bugzilla.suse.com/928321", }, { category: "external", summary: "SUSE Bug 936327 for CVE-2015-1798", url: "https://bugzilla.suse.com/936327", }, { category: "external", summary: "SUSE Bug 957163 for CVE-2015-1798", url: "https://bugzilla.suse.com/957163", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2015-1798", }, { cve: "CVE-2015-1799", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-1799", }, ], notes: [ { category: "general", text: "The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-1799", url: "https://www.suse.com/security/cve/CVE-2015-1799", }, { category: "external", summary: "SUSE Bug 924202 for CVE-2015-1799", url: "https://bugzilla.suse.com/924202", }, { category: "external", summary: "SUSE Bug 927497 for CVE-2015-1799", url: "https://bugzilla.suse.com/927497", }, { category: "external", summary: "SUSE Bug 928321 for CVE-2015-1799", url: "https://bugzilla.suse.com/928321", }, { category: "external", summary: "SUSE Bug 936327 for CVE-2015-1799", url: "https://bugzilla.suse.com/936327", }, { category: "external", summary: "SUSE Bug 943565 for CVE-2015-1799", url: "https://bugzilla.suse.com/943565", }, { category: "external", summary: "SUSE Bug 957163 for CVE-2015-1799", url: "https://bugzilla.suse.com/957163", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-1799", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 962624 for CVE-2015-1799", url: "https://bugzilla.suse.com/962624", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2015-1799", }, { cve: "CVE-2015-5300", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-5300", }, ], notes: [ { category: "general", text: "The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-5300", url: "https://www.suse.com/security/cve/CVE-2015-5300", }, { category: "external", summary: "SUSE Bug 951629 for CVE-2015-5300", url: "https://bugzilla.suse.com/951629", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-5300", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 962624 for CVE-2015-5300", url: "https://bugzilla.suse.com/962624", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-5300", }, { cve: "CVE-2015-7691", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7691", }, ], notes: [ { category: "general", text: "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7691", url: "https://www.suse.com/security/cve/CVE-2015-7691", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7691", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 911792 for CVE-2015-7691", url: "https://bugzilla.suse.com/911792", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7691", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7691", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7691", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2015-7691", }, { cve: "CVE-2015-7692", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7692", }, ], notes: [ { category: "general", text: "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7692", url: "https://www.suse.com/security/cve/CVE-2015-7692", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7692", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 911792 for CVE-2015-7692", url: "https://bugzilla.suse.com/911792", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7692", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7692", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7692", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2015-7692", }, { cve: "CVE-2015-7701", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7701", }, ], notes: [ { category: "general", text: "Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7701", url: "https://www.suse.com/security/cve/CVE-2015-7701", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7701", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7701", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7701", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7701", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2015-7701", }, { cve: "CVE-2015-7702", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7702", }, ], notes: [ { category: "general", text: "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7702", url: "https://www.suse.com/security/cve/CVE-2015-7702", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7702", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 911792 for CVE-2015-7702", url: "https://bugzilla.suse.com/911792", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7702", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7702", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7702", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2015-7702", }, { cve: "CVE-2015-7703", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7703", }, ], notes: [ { category: "general", text: "The \"pidfile\" or \"driftfile\" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7703", url: "https://www.suse.com/security/cve/CVE-2015-7703", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7703", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 943216 for CVE-2015-7703", url: "https://bugzilla.suse.com/943216", }, { category: "external", summary: "SUSE Bug 943218 for CVE-2015-7703", url: "https://bugzilla.suse.com/943218", }, { category: "external", summary: "SUSE Bug 943219 for CVE-2015-7703", url: "https://bugzilla.suse.com/943219", }, { category: "external", summary: "SUSE Bug 943221 for CVE-2015-7703", url: "https://bugzilla.suse.com/943221", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7703", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7703", url: "https://bugzilla.suse.com/959243", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7703", }, { cve: "CVE-2015-7704", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7704", }, ], notes: [ { category: "general", text: "The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted \"KOD\" messages.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7704", url: "https://www.suse.com/security/cve/CVE-2015-7704", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7704", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7704", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 952611 for CVE-2015-7704", url: "https://bugzilla.suse.com/952611", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7704", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 977446 for CVE-2015-7704", url: "https://bugzilla.suse.com/977446", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2015-7704", }, { cve: "CVE-2015-7705", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7705", }, ], notes: [ { category: "general", text: "The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7705", url: "https://www.suse.com/security/cve/CVE-2015-7705", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7705", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7705", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 952611 for CVE-2015-7705", url: "https://bugzilla.suse.com/952611", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7705", url: "https://bugzilla.suse.com/959243", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2015-7705", }, { cve: "CVE-2015-7848", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7848", }, ], notes: [ { category: "general", text: "An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7848", url: "https://www.suse.com/security/cve/CVE-2015-7848", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7848", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7848", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7848", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7848", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7848", }, { cve: "CVE-2015-7849", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7849", }, ], notes: [ { category: "general", text: "Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7849", url: "https://www.suse.com/security/cve/CVE-2015-7849", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7849", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7849", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7849", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7849", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2015-7849", }, { cve: "CVE-2015-7850", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7850", }, ], notes: [ { category: "general", text: "ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7850", url: "https://www.suse.com/security/cve/CVE-2015-7850", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7850", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7850", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7850", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7850", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7850", }, { cve: "CVE-2015-7851", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7851", }, ], notes: [ { category: "general", text: "Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7851", url: "https://www.suse.com/security/cve/CVE-2015-7851", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7851", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7851", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7851", url: "https://bugzilla.suse.com/959243", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7851", }, { cve: "CVE-2015-7852", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7852", }, ], notes: [ { category: "general", text: "ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7852", url: "https://www.suse.com/security/cve/CVE-2015-7852", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7852", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7852", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7852", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7852", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7852", }, { cve: "CVE-2015-7853", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7853", }, ], notes: [ { category: "general", text: "The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7853", url: "https://www.suse.com/security/cve/CVE-2015-7853", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7853", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7853", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7853", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7853", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2015-7853", }, { cve: "CVE-2015-7854", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7854", }, ], notes: [ { category: "general", text: "Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7854", url: "https://www.suse.com/security/cve/CVE-2015-7854", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7854", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7854", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7854", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7854", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2015-7854", }, { cve: "CVE-2015-7855", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7855", }, ], notes: [ { category: "general", text: "The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7855", url: "https://www.suse.com/security/cve/CVE-2015-7855", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7855", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7855", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7855", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 992991 for CVE-2015-7855", url: "https://bugzilla.suse.com/992991", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7855", }, { cve: "CVE-2015-7871", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7871", }, ], notes: [ { category: "general", text: "Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7871", url: "https://www.suse.com/security/cve/CVE-2015-7871", }, { category: "external", summary: "SUSE Bug 1010964 for CVE-2015-7871", url: "https://bugzilla.suse.com/1010964", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-7871", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 952606 for CVE-2015-7871", url: "https://bugzilla.suse.com/952606", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7871", url: "https://bugzilla.suse.com/959243", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2015-7871", }, { cve: "CVE-2015-7973", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7973", }, ], notes: [ { category: "general", text: "NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7973", url: "https://www.suse.com/security/cve/CVE-2015-7973", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7973", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 962995 for CVE-2015-7973", url: "https://bugzilla.suse.com/962995", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7973", }, { cve: "CVE-2015-7974", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7974", }, ], notes: [ { category: "general", text: "NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a \"skeleton key.\"", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7974", url: "https://www.suse.com/security/cve/CVE-2015-7974", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7974", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 962960 for CVE-2015-7974", url: "https://bugzilla.suse.com/962960", }, { category: "external", summary: "SUSE Bug 962995 for CVE-2015-7974", url: "https://bugzilla.suse.com/962995", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-7974", }, { cve: "CVE-2015-7975", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7975", }, ], notes: [ { category: "general", text: "The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7975", url: "https://www.suse.com/security/cve/CVE-2015-7975", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7975", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 962988 for CVE-2015-7975", url: "https://bugzilla.suse.com/962988", }, { category: "external", summary: "SUSE Bug 962995 for CVE-2015-7975", url: "https://bugzilla.suse.com/962995", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-7975", }, { cve: "CVE-2015-7976", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7976", }, ], notes: [ { category: "general", text: "The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7976", url: "https://www.suse.com/security/cve/CVE-2015-7976", }, { category: "external", summary: "SUSE Bug 962802 for CVE-2015-7976", url: "https://bugzilla.suse.com/962802", }, { category: "external", summary: "SUSE Bug 962995 for CVE-2015-7976", url: "https://bugzilla.suse.com/962995", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-7976", }, { cve: "CVE-2015-7977", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7977", }, ], notes: [ { category: "general", text: "ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7977", url: "https://www.suse.com/security/cve/CVE-2015-7977", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7977", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 962970 for CVE-2015-7977", url: "https://bugzilla.suse.com/962970", }, { category: "external", summary: "SUSE Bug 962995 for CVE-2015-7977", url: "https://bugzilla.suse.com/962995", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7977", }, { cve: "CVE-2015-7978", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7978", }, ], notes: [ { category: "general", text: "NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7978", url: "https://www.suse.com/security/cve/CVE-2015-7978", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7978", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 962970 for CVE-2015-7978", url: "https://bugzilla.suse.com/962970", }, { category: "external", summary: "SUSE Bug 962995 for CVE-2015-7978", url: "https://bugzilla.suse.com/962995", }, { category: "external", summary: "SUSE Bug 963000 for CVE-2015-7978", url: "https://bugzilla.suse.com/963000", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7978", }, { cve: "CVE-2015-7979", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7979", }, ], notes: [ { category: "general", text: "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7979", url: "https://www.suse.com/security/cve/CVE-2015-7979", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-7979", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 962784 for CVE-2015-7979", url: "https://bugzilla.suse.com/962784", }, { category: "external", summary: "SUSE Bug 962995 for CVE-2015-7979", url: "https://bugzilla.suse.com/962995", }, { category: "external", summary: "SUSE Bug 977459 for CVE-2015-7979", url: "https://bugzilla.suse.com/977459", }, { category: "external", summary: "SUSE Bug 982065 for CVE-2015-7979", url: "https://bugzilla.suse.com/982065", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-7979", }, { cve: "CVE-2015-8138", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8138", }, ], notes: [ { category: "general", text: "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8138", url: "https://www.suse.com/security/cve/CVE-2015-8138", }, { category: "external", summary: "SUSE Bug 951608 for CVE-2015-8138", url: "https://bugzilla.suse.com/951608", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-8138", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 963002 for CVE-2015-8138", url: "https://bugzilla.suse.com/963002", }, { category: "external", summary: "SUSE Bug 974668 for CVE-2015-8138", url: "https://bugzilla.suse.com/974668", }, { category: "external", summary: "SUSE Bug 977446 for CVE-2015-8138", url: "https://bugzilla.suse.com/977446", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-8138", }, { cve: "CVE-2015-8158", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8158", }, ], notes: [ { category: "general", text: "The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8158", url: "https://www.suse.com/security/cve/CVE-2015-8158", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2015-8158", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 962966 for CVE-2015-8158", url: "https://bugzilla.suse.com/962966", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2015-8158", }, { cve: "CVE-2016-1547", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-1547", }, ], notes: [ { category: "general", text: "An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-1547", url: "https://www.suse.com/security/cve/CVE-2016-1547", }, { category: "external", summary: "SUSE Bug 962784 for CVE-2016-1547", url: "https://bugzilla.suse.com/962784", }, { category: "external", summary: "SUSE Bug 977446 for CVE-2016-1547", url: "https://bugzilla.suse.com/977446", }, { category: "external", summary: "SUSE Bug 977459 for CVE-2016-1547", url: "https://bugzilla.suse.com/977459", }, { category: "external", summary: "SUSE Bug 982064 for CVE-2016-1547", url: "https://bugzilla.suse.com/982064", }, { category: "external", summary: "SUSE Bug 982065 for CVE-2016-1547", url: "https://bugzilla.suse.com/982065", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-1547", }, { cve: "CVE-2016-1548", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-1548", }, ], notes: [ { category: "general", text: "An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-1548", url: "https://www.suse.com/security/cve/CVE-2016-1548", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2016-1548", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 977446 for CVE-2016-1548", url: "https://bugzilla.suse.com/977446", }, { category: "external", summary: "SUSE Bug 977461 for CVE-2016-1548", url: "https://bugzilla.suse.com/977461", }, { category: "external", summary: "SUSE Bug 982068 for CVE-2016-1548", url: "https://bugzilla.suse.com/982068", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-1548", }, { cve: "CVE-2016-1549", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-1549", }, ], notes: [ { category: "general", text: "A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-1549", url: "https://www.suse.com/security/cve/CVE-2016-1549", }, { category: "external", summary: "SUSE Bug 1083424 for CVE-2016-1549", url: "https://bugzilla.suse.com/1083424", }, { category: "external", summary: "SUSE Bug 977446 for CVE-2016-1549", url: "https://bugzilla.suse.com/977446", }, { category: "external", summary: "SUSE Bug 977451 for CVE-2016-1549", url: "https://bugzilla.suse.com/977451", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2016-1549", }, { cve: "CVE-2016-1550", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-1550", }, ], notes: [ { category: "general", text: "An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-1550", url: "https://www.suse.com/security/cve/CVE-2016-1550", }, { category: "external", summary: "SUSE Bug 977446 for CVE-2016-1550", url: "https://bugzilla.suse.com/977446", }, { category: "external", summary: "SUSE Bug 977464 for CVE-2016-1550", url: "https://bugzilla.suse.com/977464", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2016-1550", }, { cve: "CVE-2016-1551", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-1551", }, ], notes: [ { category: "general", text: "ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock's peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-1551", url: "https://www.suse.com/security/cve/CVE-2016-1551", }, { category: "external", summary: "SUSE Bug 977446 for CVE-2016-1551", url: "https://bugzilla.suse.com/977446", }, { category: "external", summary: "SUSE Bug 977450 for CVE-2016-1551", url: "https://bugzilla.suse.com/977450", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2016-1551", }, { cve: "CVE-2016-2516", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-2516", }, ], notes: [ { category: "general", text: "NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-2516", url: "https://www.suse.com/security/cve/CVE-2016-2516", }, { category: "external", summary: "SUSE Bug 977446 for CVE-2016-2516", url: "https://bugzilla.suse.com/977446", }, { category: "external", summary: "SUSE Bug 977452 for CVE-2016-2516", url: "https://bugzilla.suse.com/977452", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-2516", }, { cve: "CVE-2016-2517", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-2517", }, ], notes: [ { category: "general", text: "NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-2517", url: "https://www.suse.com/security/cve/CVE-2016-2517", }, { category: "external", summary: "SUSE Bug 977446 for CVE-2016-2517", url: "https://bugzilla.suse.com/977446", }, { category: "external", summary: "SUSE Bug 977455 for CVE-2016-2517", url: "https://bugzilla.suse.com/977455", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-2517", }, { cve: "CVE-2016-2518", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-2518", }, ], notes: [ { category: "general", text: "The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-2518", url: "https://www.suse.com/security/cve/CVE-2016-2518", }, { category: "external", summary: "SUSE Bug 977446 for CVE-2016-2518", url: "https://bugzilla.suse.com/977446", }, { category: "external", summary: "SUSE Bug 977457 for CVE-2016-2518", url: "https://bugzilla.suse.com/977457", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2016-2518", }, { cve: "CVE-2016-2519", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-2519", }, ], notes: [ { category: "general", text: "ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-2519", url: "https://www.suse.com/security/cve/CVE-2016-2519", }, { category: "external", summary: "SUSE Bug 959243 for CVE-2016-2519", url: "https://bugzilla.suse.com/959243", }, { category: "external", summary: "SUSE Bug 977446 for CVE-2016-2519", url: "https://bugzilla.suse.com/977446", }, { category: "external", summary: "SUSE Bug 977458 for CVE-2016-2519", url: "https://bugzilla.suse.com/977458", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-2519", }, { cve: "CVE-2016-4953", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4953", }, ], notes: [ { category: "general", text: "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4953", url: "https://www.suse.com/security/cve/CVE-2016-4953", }, { category: "external", summary: "SUSE Bug 962784 for CVE-2016-4953", url: "https://bugzilla.suse.com/962784", }, { category: "external", summary: "SUSE Bug 977459 for CVE-2016-4953", url: "https://bugzilla.suse.com/977459", }, { category: "external", summary: "SUSE Bug 982056 for CVE-2016-4953", url: "https://bugzilla.suse.com/982056", }, { category: "external", summary: "SUSE Bug 982065 for CVE-2016-4953", url: "https://bugzilla.suse.com/982065", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-4953", }, { cve: "CVE-2016-4954", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4954", }, ], notes: [ { category: "general", text: "The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4954", url: "https://www.suse.com/security/cve/CVE-2016-4954", }, { category: "external", summary: "SUSE Bug 982056 for CVE-2016-4954", url: "https://bugzilla.suse.com/982056", }, { category: "external", summary: "SUSE Bug 982066 for CVE-2016-4954", url: "https://bugzilla.suse.com/982066", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2016-4954", }, { cve: "CVE-2016-4955", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4955", }, ], notes: [ { category: "general", text: "ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4955", url: "https://www.suse.com/security/cve/CVE-2016-4955", }, { category: "external", summary: "SUSE Bug 982056 for CVE-2016-4955", url: "https://bugzilla.suse.com/982056", }, { category: "external", summary: "SUSE Bug 982067 for CVE-2016-4955", url: "https://bugzilla.suse.com/982067", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2016-4955", }, { cve: "CVE-2016-4956", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4956", }, ], notes: [ { category: "general", text: "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4956", url: "https://www.suse.com/security/cve/CVE-2016-4956", }, { category: "external", summary: "SUSE Bug 977461 for CVE-2016-4956", url: "https://bugzilla.suse.com/977461", }, { category: "external", summary: "SUSE Bug 982056 for CVE-2016-4956", url: "https://bugzilla.suse.com/982056", }, { category: "external", summary: "SUSE Bug 982068 for CVE-2016-4956", url: "https://bugzilla.suse.com/982068", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2016-4956", }, { cve: "CVE-2016-4957", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4957", }, ], notes: [ { category: "general", text: "ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4957", url: "https://www.suse.com/security/cve/CVE-2016-4957", }, { category: "external", summary: "SUSE Bug 977459 for CVE-2016-4957", url: "https://bugzilla.suse.com/977459", }, { category: "external", summary: "SUSE Bug 982056 for CVE-2016-4957", url: "https://bugzilla.suse.com/982056", }, { category: "external", summary: "SUSE Bug 982064 for CVE-2016-4957", url: "https://bugzilla.suse.com/982064", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-4957", }, { cve: "CVE-2016-7426", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7426", }, ], notes: [ { category: "general", text: "NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7426", url: "https://www.suse.com/security/cve/CVE-2016-7426", }, { category: "external", summary: "SUSE Bug 1011406 for CVE-2016-7426", url: "https://bugzilla.suse.com/1011406", }, { category: "external", summary: "SUSE Bug 1011421 for CVE-2016-7426", url: "https://bugzilla.suse.com/1011421", }, { category: "external", summary: "SUSE Bug 1012330 for CVE-2016-7426", url: "https://bugzilla.suse.com/1012330", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7426", }, { cve: "CVE-2016-7427", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7427", }, ], notes: [ { category: "general", text: "The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7427", url: "https://www.suse.com/security/cve/CVE-2016-7427", }, { category: "external", summary: "SUSE Bug 1011390 for CVE-2016-7427", url: "https://bugzilla.suse.com/1011390", }, { category: "external", summary: "SUSE Bug 1011421 for CVE-2016-7427", url: "https://bugzilla.suse.com/1011421", }, { category: "external", summary: "SUSE Bug 1012330 for CVE-2016-7427", url: "https://bugzilla.suse.com/1012330", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2016-7427", }, { cve: "CVE-2016-7428", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7428", }, ], notes: [ { category: "general", text: "ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7428", url: "https://www.suse.com/security/cve/CVE-2016-7428", }, { category: "external", summary: "SUSE Bug 1011417 for CVE-2016-7428", url: "https://bugzilla.suse.com/1011417", }, { category: "external", summary: "SUSE Bug 1011421 for CVE-2016-7428", url: "https://bugzilla.suse.com/1011421", }, { category: "external", summary: "SUSE Bug 1012330 for CVE-2016-7428", url: "https://bugzilla.suse.com/1012330", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7428", }, { cve: "CVE-2016-7429", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7429", }, ], notes: [ { category: "general", text: "NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7429", url: "https://www.suse.com/security/cve/CVE-2016-7429", }, { category: "external", summary: "SUSE Bug 1011404 for CVE-2016-7429", url: "https://bugzilla.suse.com/1011404", }, { category: "external", summary: "SUSE Bug 1011421 for CVE-2016-7429", url: "https://bugzilla.suse.com/1011421", }, { category: "external", summary: "SUSE Bug 1012330 for CVE-2016-7429", url: "https://bugzilla.suse.com/1012330", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2016-7429", }, { cve: "CVE-2016-7431", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7431", }, ], notes: [ { category: "general", text: "NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7431", url: "https://www.suse.com/security/cve/CVE-2016-7431", }, { category: "external", summary: "SUSE Bug 1011395 for CVE-2016-7431", url: "https://bugzilla.suse.com/1011395", }, { category: "external", summary: "SUSE Bug 1011421 for CVE-2016-7431", url: "https://bugzilla.suse.com/1011421", }, { category: "external", summary: "SUSE Bug 1012330 for CVE-2016-7431", url: "https://bugzilla.suse.com/1012330", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7431", }, { cve: "CVE-2016-7433", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7433", }, ], notes: [ { category: "general", text: "NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a \"root distance that did not include the peer dispersion.\"", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7433", url: "https://www.suse.com/security/cve/CVE-2016-7433", }, { category: "external", summary: "SUSE Bug 1011411 for CVE-2016-7433", url: "https://bugzilla.suse.com/1011411", }, { category: "external", summary: "SUSE Bug 1011421 for CVE-2016-7433", url: "https://bugzilla.suse.com/1011421", }, { category: "external", summary: "SUSE Bug 1012330 for CVE-2016-7433", url: "https://bugzilla.suse.com/1012330", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2016-7433", }, { cve: "CVE-2016-7434", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7434", }, ], notes: [ { category: "general", text: "The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7434", url: "https://www.suse.com/security/cve/CVE-2016-7434", }, { category: "external", summary: "SUSE Bug 1011398 for CVE-2016-7434", url: "https://bugzilla.suse.com/1011398", }, { category: "external", summary: "SUSE Bug 1011421 for CVE-2016-7434", url: "https://bugzilla.suse.com/1011421", }, { category: "external", summary: "SUSE Bug 1012330 for CVE-2016-7434", url: "https://bugzilla.suse.com/1012330", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-7434", }, { cve: "CVE-2016-9310", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-9310", }, ], notes: [ { category: "general", text: "The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-9310", url: "https://www.suse.com/security/cve/CVE-2016-9310", }, { category: "external", summary: "SUSE Bug 1011377 for CVE-2016-9310", url: "https://bugzilla.suse.com/1011377", }, { category: "external", summary: "SUSE Bug 1011421 for CVE-2016-9310", url: "https://bugzilla.suse.com/1011421", }, { category: "external", summary: "SUSE Bug 1012330 for CVE-2016-9310", url: "https://bugzilla.suse.com/1012330", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-9310", }, { cve: "CVE-2016-9311", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-9311", }, ], notes: [ { category: "general", text: "ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-9311", url: "https://www.suse.com/security/cve/CVE-2016-9311", }, { category: "external", summary: "SUSE Bug 1011377 for CVE-2016-9311", url: "https://bugzilla.suse.com/1011377", }, { category: "external", summary: "SUSE Bug 1011421 for CVE-2016-9311", url: "https://bugzilla.suse.com/1011421", }, { category: "external", summary: "SUSE Bug 1012330 for CVE-2016-9311", url: "https://bugzilla.suse.com/1012330", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-4.2.8p9-1.1.x86_64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.aarch64", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.ppc64le", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.s390x", "openSUSE Tumbleweed:ntp-doc-4.2.8p9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-9311", }, ], }
icsa-21-103-11
Vulnerability from csaf_cisa
Published
2021-04-13 00:00
Modified
2021-04-13 00:00
Summary
ICSA-21-103-11_Siemens TIM 4R-IE Devices
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Summary
Siemens reported these vulnerabilities to CISA.
Exploitability
No known public exploits specifically target these vulnerabilities.
{ document: { acknowledgments: [ { organization: "Siemens", summary: "reporting these vulnerabilities to CISA", }, ], category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited", tlp: { label: "WHITE", }, }, lang: "en-US", notes: [ { category: "general", text: "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", title: "CISA Disclaimer", }, { category: "summary", text: "Siemens reported these vulnerabilities to CISA.", title: "Summary", }, { category: "other", text: "No known public exploits specifically target these vulnerabilities.", title: "Exploitability", }, ], publisher: { category: "coordinator", contact_details: "CISAservicedesk@cisa.dhs.gov", name: "CISA", namespace: "https://www.cisa.gov/", }, references: [ { category: "self", summary: "ICS Advisory ICSA-21-103-11 JSON", url: "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-103-11.json", }, { category: "self", summary: "ICS Advisory ICSA-21-103-11 Web Version", url: "https://www.cisa.gov/news-events/ics-advisories/icsa-21-103-11", }, ], title: "ICSA-21-103-11_Siemens TIM 4R-IE Devices", tracking: { current_release_date: "2021-04-13T00:00:00.000000Z", generator: { engine: { name: "CISA USCert CSAF Generator", version: "1", }, }, id: "ICSA-21-103-11", initial_release_date: "2021-04-13T00:00:00.000000Z", revision_history: [ { date: "2021-04-13T00:00:00.000000Z", legacy_version: "Initial", number: "1", summary: "ICSA-21-103-11 Siemens TIM 4R-IE Devices", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "vers:all/*", product: { name: "TIM 4R-IE DNP3 (incl. SIPLUS NET variants): All versions", product_id: "CSAFPID-0001", }, }, ], category: "product_name", name: "TIM 4R-IE DNP3 (incl. SIPLUS NET variants)", }, { branches: [ { category: "product_version", name: "vers:all/*", product: { name: "TIM 4R-IE (incl. SIPLUS NET variants): All versions", product_id: "CSAFPID-0002", }, }, ], category: "product_name", name: "TIM 4R-IE (incl. SIPLUS NET variants)", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2015-5219", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.CVE-2015-5219 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "mitigation", details: "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], url: "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2015-5219", }, { cve: "CVE-2015-7855", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.CVE-2015-7855 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "mitigation", details: "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], url: "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2015-7855", }, { cve: "CVE-2015-7871", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. CVE-2015-7871 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], url: "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2015-7871", }, { cve: "CVE-2015-7973", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.CVE-2015-7973 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", }, ], remediations: [ { category: "mitigation", details: "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], url: "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2015-7973", }, { cve: "CVE-2015-7974", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a skeleton key.CVE-2015-7974 has been assigned to this vulnerability. A CVSS v3 base score of 7.7 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", }, ], remediations: [ { category: "mitigation", details: "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], url: "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf", }, ], scores: [ { cvss_v3: { baseScore: 7.7, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2015-7974", }, { cve: "CVE-2015-7977", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.CVE-2015-7977 has been assigned to this vulnerability. A CVSS v3 base score of 5.9 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "mitigation", details: "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], url: "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2015-7977", }, { cve: "CVE-2015-7979", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.CVE-2015-7979 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "mitigation", details: "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], url: "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2015-7979", }, { cve: "CVE-2015-7705", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.CVE-2015-7705 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], url: "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2015-7705", }, { cve: "CVE-2015-8138", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.CVE-2015-8138 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", }, ], remediations: [ { category: "mitigation", details: "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], url: "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2015-8138", }, { cve: "CVE-2016-1547", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.CVE-2016-1547 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", }, ], remediations: [ { category: "mitigation", details: "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], url: "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2016-1547", }, { cve: "CVE-2016-1548", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.CVE-2016-1548 has been assigned to this vulnerability. A CVSS v3 base score of 7.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", }, ], remediations: [ { category: "mitigation", details: "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], url: "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2016-1548", }, { cve: "CVE-2016-1550", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.CVE-2016-1550 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", }, ], remediations: [ { category: "mitigation", details: "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], url: "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2016-1550", }, { cve: "CVE-2016-4953", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeralassociation demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.CVE-2016-4953 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "mitigation", details: "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], url: "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2016-4953", }, { cve: "CVE-2016-4954", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.CVE-2016-4954 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "mitigation", details: "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], url: "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2016-4954", }, ], }
ICSA-21-103-11
Vulnerability from csaf_cisa
Published
2021-04-13 00:00
Modified
2021-04-13 00:00
Summary
ICSA-21-103-11_Siemens TIM 4R-IE Devices
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Summary
Siemens reported these vulnerabilities to CISA.
Exploitability
No known public exploits specifically target these vulnerabilities.
{ document: { acknowledgments: [ { organization: "Siemens", summary: "reporting these vulnerabilities to CISA", }, ], category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited", tlp: { label: "WHITE", }, }, lang: "en-US", notes: [ { category: "general", text: "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", title: "CISA Disclaimer", }, { category: "summary", text: "Siemens reported these vulnerabilities to CISA.", title: "Summary", }, { category: "other", text: "No known public exploits specifically target these vulnerabilities.", title: "Exploitability", }, ], publisher: { category: "coordinator", contact_details: "CISAservicedesk@cisa.dhs.gov", name: "CISA", namespace: "https://www.cisa.gov/", }, references: [ { category: "self", summary: "ICS Advisory ICSA-21-103-11 JSON", url: "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-103-11.json", }, { category: "self", summary: "ICS Advisory ICSA-21-103-11 Web Version", url: "https://www.cisa.gov/news-events/ics-advisories/icsa-21-103-11", }, ], title: "ICSA-21-103-11_Siemens TIM 4R-IE Devices", tracking: { current_release_date: "2021-04-13T00:00:00.000000Z", generator: { engine: { name: "CISA USCert CSAF Generator", version: "1", }, }, id: "ICSA-21-103-11", initial_release_date: "2021-04-13T00:00:00.000000Z", revision_history: [ { date: "2021-04-13T00:00:00.000000Z", legacy_version: "Initial", number: "1", summary: "ICSA-21-103-11 Siemens TIM 4R-IE Devices", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "vers:all/*", product: { name: "TIM 4R-IE DNP3 (incl. SIPLUS NET variants): All versions", product_id: "CSAFPID-0001", }, }, ], category: "product_name", name: "TIM 4R-IE DNP3 (incl. SIPLUS NET variants)", }, { branches: [ { category: "product_version", name: "vers:all/*", product: { name: "TIM 4R-IE (incl. SIPLUS NET variants): All versions", product_id: "CSAFPID-0002", }, }, ], category: "product_name", name: "TIM 4R-IE (incl. SIPLUS NET variants)", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2015-5219", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.CVE-2015-5219 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "mitigation", details: "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], url: "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2015-5219", }, { cve: "CVE-2015-7855", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.CVE-2015-7855 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "mitigation", details: "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], url: "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2015-7855", }, { cve: "CVE-2015-7871", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. CVE-2015-7871 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], url: "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2015-7871", }, { cve: "CVE-2015-7973", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.CVE-2015-7973 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", }, ], remediations: [ { category: "mitigation", details: "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], url: "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2015-7973", }, { cve: "CVE-2015-7974", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a skeleton key.CVE-2015-7974 has been assigned to this vulnerability. A CVSS v3 base score of 7.7 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", }, ], remediations: [ { category: "mitigation", details: "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], url: "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf", }, ], scores: [ { cvss_v3: { baseScore: 7.7, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2015-7974", }, { cve: "CVE-2015-7977", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.CVE-2015-7977 has been assigned to this vulnerability. A CVSS v3 base score of 5.9 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "mitigation", details: "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], url: "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2015-7977", }, { cve: "CVE-2015-7979", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.CVE-2015-7979 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "mitigation", details: "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], url: "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2015-7979", }, { cve: "CVE-2015-7705", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.CVE-2015-7705 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], url: "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2015-7705", }, { cve: "CVE-2015-8138", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.CVE-2015-8138 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", }, ], remediations: [ { category: "mitigation", details: "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], url: "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2015-8138", }, { cve: "CVE-2016-1547", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.CVE-2016-1547 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", }, ], remediations: [ { category: "mitigation", details: "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], url: "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2016-1547", }, { cve: "CVE-2016-1548", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.CVE-2016-1548 has been assigned to this vulnerability. A CVSS v3 base score of 7.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", }, ], remediations: [ { category: "mitigation", details: "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], url: "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf", }, ], scores: [ { cvss_v3: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2016-1548", }, { cve: "CVE-2016-1550", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.CVE-2016-1550 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", }, ], remediations: [ { category: "mitigation", details: "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], url: "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2016-1550", }, { cve: "CVE-2016-4953", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeralassociation demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.CVE-2016-4953 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "mitigation", details: "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], url: "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2016-4953", }, { cve: "CVE-2016-4954", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.CVE-2016-4954 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "mitigation", details: "As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], url: "https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2016-4954", }, ], }
fkie_cve-2015-7855
Vulnerability from fkie_nvd
Published
2017-08-07 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| ntp | ntp | * | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| netapp | oncommand_balance | - | |
| netapp | oncommand_performance_manager | - | |
| netapp | oncommand_unified_manager | - | |
| netapp | clustered_data_ontap | - | |
| netapp | data_ontap | - | |
| siemens | tim_4r-ie_firmware | * | |
| siemens | tim_4r-ie | - | |
| siemens | tim_4r-ie_dnp3_firmware | * | |
| siemens | tim_4r-ie_dnp3 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", matchCriteriaId: "C240BAAB-8C12-4501-9DC6-FB877304E908", versionEndExcluding: "4.2.8", versionStartIncluding: "4.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", matchCriteriaId: "79494F07-6081-497D-8A2D-B05486599EAE", versionEndExcluding: "4.3.77", versionStartIncluding: "4.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*", matchCriteriaId: "EEA51D83-5841-4335-AF07-7A43C118CAAE", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*", matchCriteriaId: "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*", matchCriteriaId: "49ADE0C3-F75C-4EC0-8805-56013F0EB92C", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*", matchCriteriaId: "D8FF625A-EFA3-43D1-8698-4A37AE31A07C", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*", matchCriteriaId: "E3B99BBD-97FE-4615-905A-A614592226F8", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*", matchCriteriaId: "E7A9AD3A-F030-4331-B52A-518BD963AB8A", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*", matchCriteriaId: "C293B8BE-6691-4944-BCD6-25EB98CABC73", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*", matchCriteriaId: "CEA650F8-2576-494A-A861-61572CA319D0", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*", matchCriteriaId: "4ED21EE8-7CBF-4BC5-BFC3-185D41296238", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*", matchCriteriaId: "C76A0B44-13DE-4173-8D05-DA54F6A71759", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*", matchCriteriaId: "1450241C-2F6D-4122-B33C-D78D065BA403", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*", matchCriteriaId: "721AFD22-91D3-488E-A5E6-DD84C86E412B", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*", matchCriteriaId: "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*", matchCriteriaId: "41E44E9F-6383-4E12-AEDC-B653FEA77A48", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*", matchCriteriaId: "466D9A37-2658-4695-9429-0C6BF4A631C2", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*", matchCriteriaId: "99774181-5F12-446C-AC2C-DB1C52295EED", vulnerable: true, }, { criteria: "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*", matchCriteriaId: "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", matchCriteriaId: "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "212E1878-1B9A-4CB4-A1CE-EAD60B867161", vulnerable: true, }, { criteria: "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*", matchCriteriaId: "95B173E0-1475-4F8D-A982-86F36BE3DD4A", vulnerable: true, }, { criteria: "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", matchCriteriaId: "1FED6CAE-D97F-49E0-9D00-1642A3A427B4", vulnerable: true, }, { criteria: "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*", matchCriteriaId: "392A1364-2739-450D-9E19-DFF93081C2C6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:tim_4r-ie_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E0730ED6-676B-4200-BC07-C0B4531B242C", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:tim_4r-ie:-:*:*:*:*:*:*:*", matchCriteriaId: "0B87B16C-9E9F-448B-9255-B2BB2B8CAD63", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:tim_4r-ie_dnp3_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "E16E82E3-9A85-41A4-8A33-12AE45A1B584", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:tim_4r-ie_dnp3:-:*:*:*:*:*:*:*", matchCriteriaId: "EE27728D-D37B-43FC-BA8A-0E930DDBD10B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.", }, { lang: "es", value: "La función decodenetnum en ntpd en NTP 4.2.x en versiones anteriores a 4.2.8p4, y 4.3.x en versiones anteriores a 4.3.77 permite que atacantes remotos provoquen una denegación de servicio (fallo de aserción) empleando un paquete en modo 6 o modo 7 que contiene un valor de datos largo.", }, ], id: "CVE-2015-7855", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-08-07T20:29:00.950", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://support.ntp.org/bin/view/Main/NtpBug2922", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2015/dsa-3388", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/77283", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033951", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1274264", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://security.gentoo.org/glsa/201607-15", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20171004-0001/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/40840/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://support.ntp.org/bin/view/Main/NtpBug2922", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2015/dsa-3388", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/77283", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033951", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1274264", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://security.gentoo.org/glsa/201607-15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20171004-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/40840/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
gsd-2015-7855
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.
Aliases
Aliases
{ GSD: { alias: "CVE-2015-7855", description: "The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.", id: "GSD-2015-7855", references: [ "https://www.suse.com/security/cve/CVE-2015-7855.html", "https://www.debian.org/security/2015/dsa-3388", "https://ubuntu.com/security/CVE-2015-7855", "https://advisories.mageia.org/CVE-2015-7855.html", "https://packetstormsecurity.com/files/cve/CVE-2015-7855", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2015-7855", ], details: "The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.", id: "GSD-2015-7855", modified: "2023-12-13T01:20:02.110271Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-7855", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "40840", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/40840/", }, { name: "77283", refsource: "BID", url: "http://www.securityfocus.com/bid/77283", }, { name: "1033951", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1033951", }, { name: "DSA-3388", refsource: "DEBIAN", url: "http://www.debian.org/security/2015/dsa-3388", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1274264", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1274264", }, { name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839", refsource: "CONFIRM", url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839", }, { name: "http://support.ntp.org/bin/view/Main/NtpBug2922", refsource: "CONFIRM", url: "http://support.ntp.org/bin/view/Main/NtpBug2922", }, { name: "GLSA-201607-15", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201607-15", }, { name: "https://security.netapp.com/advisory/ntap-20171004-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20171004-0001/", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf", }, { name: "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11", refsource: "CONFIRM", url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "4.2.8", versionStartIncluding: "4.2.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "4.3.77", versionStartIncluding: "4.3.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:tim_4r-ie_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:tim_4r-ie:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:tim_4r-ie_dnp3_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:tim_4r-ie_dnp3:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-7855", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-20", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1274264", refsource: "CONFIRM", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1274264", }, { name: "77283", refsource: "BID", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/77283", }, { name: "http://support.ntp.org/bin/view/Main/NtpBug2922", refsource: "CONFIRM", tags: [ "Patch", "Vendor Advisory", ], url: "http://support.ntp.org/bin/view/Main/NtpBug2922", }, { name: "GLSA-201607-15", refsource: "GENTOO", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://security.gentoo.org/glsa/201607-15", }, { name: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839", refsource: "CONFIRM", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839", }, { name: "40840", refsource: "EXPLOIT-DB", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/40840/", }, { name: "1033951", refsource: "SECTRACK", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033951", }, { name: "DSA-3388", refsource: "DEBIAN", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2015/dsa-3388", }, { name: "https://security.netapp.com/advisory/ntap-20171004-0001/", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20171004-0001/", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf", }, { name: "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11", refsource: "CONFIRM", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: true, cvssV2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, }, }, lastModifiedDate: "2021-04-19T15:33Z", publishedDate: "2017-08-07T20:29Z", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.