Executive Summary
Summary | |
---|---|
Title | Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015 |
Informations | |||
---|---|---|---|
Name | cisco-sa-20151021-ntp | First vendor Publication | 2015-10-21 |
Vendor | Cisco | Last vendor Modification | 2015-10-21 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |||
---|---|---|---|
Overall CVSS Score | 9.8 | ||
Base Score | 9.8 | Environmental Score | 9.8 |
impact SubScore | 5.9 | Temporal Score | 9.8 |
Exploitabality Sub Score | 3.9 | ||
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | None | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | High | Availability Impact | High |
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a network time protocol (NTP) server. On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time. The vulnerabilities covered in this document are as follows: CVE-2015-7691 - Denial of Service AutoKey Malicious Message CVE-2015-7692 - Denial of Service AutoKey Malicious Message CVE-2015-7701 - Denial of Service CRYPTO_ASSOC Memory Leak CVE-2015-7702 - Denial of Service AutoKey Malicious Message CVE-2015-7703 - Configuration Directive File Overwrite Vulnerability CVE-2015-7704 - Denial of Service by Spoofed Kiss-o'-Death CVE-2015-7705 - Denial of Service by Priming the Pump CVE-2015-7848 - Network Time Protocol ntpd multiple integer overflow read access violations CVE-2015-7849 - Network Time Protocol Trusted Keys Memory Corruption Vulnerability CVE-2015-7850 - Network Time Protocol Remote Configuration Denial of Service Vulnerability CVE-2015-7851 - Network Time Protocol ntpd saveconfig Directory Traversal Vulnerability CVE-2015-7852 - Network Time Protocol ntpq atoascii Memory Corruption Vulnerability CVE-2015-7853 - Network Time Protocol Reference Clock Memory Corruption Vulnerability CVE-2015-7854 - Network Time Protocol Password Length Memory Corruption Vulnerability CVE-2015-7855 - Denial of Service Long Control Packet Message CVE-2015-7871 - NAK to the Future: NTP Symmetric Association Authentication Bypass Vulnerability Additional details on each of the vulnerabilities can be found at the following links: Official Security Advisory from ntp.org: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities Boston University: http://www.cs.bu.edu/~goldbe/NTPattack.html Cisco TALOS: http://talosintel.com/vulnerability-reports/ Cisco will release software updates that address these vulnerabilities. Workarounds that mitigate one or more of the vulnerabilities may be available for certain products, please see the individual Cisco Bug IDs for details. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp BEGIN PGP SIGNATURE Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWKD7JAAoJEIpI1I6i1Mx3IkQP/2aE4lwydg/U8+iPTaHddTzl XkkpY5ElrKXZ7v2eEPOEGDiH8sVAH/bV2vlfaoglLWu8eCBKncwqltEYQBKY3WmY eDKxqcN0uXu3lZ6pgiscYiGVySmP2uAvYcIyz/LEfXh9YoWIQFuZdu1lQU7+2Npq ZnLXwu6jUu5w3FBeOwnzX8tgpPFVUeKyF4h2huQkr/s4J48SXopMcVHHQmbY8Gay FNroabYYrWjEdMIcWwMG2hQGLgF2IEjQzrzKBoge0dPdyRNb3MBLdAPY0nU0hgCd I/VOArDynjbH659u+7Qk6qJYGsL7QvX/+7QhitHyqCiGBlCWZCFsYZoFN6BbhDS5 BaJDc/9EPrlzixMrZ0kxqEdrMfhg+JaEUNzwXDBVIuiswTjUAryImQVh3T5gaJYf 8SbpFjWiXrQChPUrLx/alEiUvavcqX192b3fBijgnkoiM7XJWwBBXk+dh4KyjgiG 8HjCCQXcvC+JJ4myPvu1iRIaG4hX2GDtagni0tLaSgqnyPlEmOSxhFuBTWpwWJbq zRYj+0KQI84B6tReTPt+d+bm7/ZjQu4s+nGzLnJDwmpsSeu5+0zA953uoWCwpnjo Hwi6reeBa7z+zdXzka3cEtiOVgpKVvhY9j1z1aBEd9EGtxIcolRT89IblT3Ga+z5 inBEFRMskVkLPpyKtE6Y =3aoR END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
53 % | CWE-20 | Improper Input Validation |
13 % | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25) |
7 % | CWE-772 | Missing Release of Resource after Effective Lifetime |
7 % | CWE-416 | Use After Free |
7 % | CWE-287 | Improper Authentication |
7 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
7 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2016-12-20 | NTP origin timestamp denial of service attempt RuleID : 40811 - Revision : 4 - Type : SERVER-OTHER |
2016-03-14 | NTP arbitrary pidfile and driftfile overwrite attempt RuleID : 37526 - Revision : 3 - Type : SERVER-OTHER |
2016-03-14 | NTP arbitrary pidfile and driftfile overwrite attempt RuleID : 37525 - Revision : 4 - Type : SERVER-OTHER |
2016-03-14 | NTP decodenetnum assertion failure denial of service attempt RuleID : 36633 - Revision : 3 - Type : SERVER-OTHER |
2016-03-14 | NTP decodenetnum assertion failure denial of service attempt RuleID : 36632 - Revision : 3 - Type : SERVER-OTHER |
2016-03-14 | NTP crypto-NAK packet flood attempt RuleID : 36536 - Revision : 5 - Type : SERVER-OTHER |
2015-10-01 | ntpd saveconfig directory traversal attempt RuleID : 36253 - Revision : 5 - Type : SERVER-OTHER |
2015-10-01 | ntpd remote configuration denial of service attempt RuleID : 36252 - Revision : 4 - Type : SERVER-OTHER |
2015-10-01 | ntpq atoascii memory corruption attempt RuleID : 36251 - Revision : 4 - Type : SERVER-OTHER |
2015-10-01 | ntpd keyfile buffer overflow attempt RuleID : 36250 - Revision : 4 - Type : SERVER-OTHER |
2015-09-01 | multiple vendors NTP daemon integer overflow attempt RuleID : 35831 - Revision : 4 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-05-11 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2018-1009.nasl - Type : ACT_GATHER_INFO |
2018-05-11 | Name : The remote Amazon Linux 2 host is missing a security update. File : al2_ALAS-2018-1009.nasl - Type : ACT_GATHER_INFO |
2017-08-09 | Name : The remote AIX host has a version of NTP installed that is affected by multip... File : aix_ntp_v4_advisory4.nasl - Type : ACT_GATHER_INFO |
2017-08-09 | Name : The remote AIX host has a version of NTP installed that is affected by multip... File : aix_ntp_v3_advisory4.nasl - Type : ACT_GATHER_INFO |
2017-05-01 | Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2016-1060.nasl - Type : ACT_GATHER_INFO |
2017-02-01 | Name : The remote host is affected by multiple vulnerabilities. File : citrix_xenserver_CTX220112.nasl - Type : ACT_GATHER_INFO |
2016-12-15 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20161103_ntp_on_SL7_x.nasl - Type : ACT_GATHER_INFO |
2016-11-28 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2016-2583.nasl - Type : ACT_GATHER_INFO |
2016-11-11 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2016-2583.nasl - Type : ACT_GATHER_INFO |
2016-11-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-2583.nasl - Type : ACT_GATHER_INFO |
2016-08-29 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1912-1.nasl - Type : ACT_GATHER_INFO |
2016-07-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201607-15.nasl - Type : ACT_GATHER_INFO |
2016-06-17 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1568-1.nasl - Type : ACT_GATHER_INFO |
2016-06-09 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20160510_ntp_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2016-06-03 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL17528.nasl - Type : ACT_GATHER_INFO |
2016-06-01 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2016-0082.nasl - Type : ACT_GATHER_INFO |
2016-06-01 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-649.nasl - Type : ACT_GATHER_INFO |
2016-05-26 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL17515.nasl - Type : ACT_GATHER_INFO |
2016-05-25 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL17529.nasl - Type : ACT_GATHER_INFO |
2016-05-25 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL17525.nasl - Type : ACT_GATHER_INFO |
2016-05-25 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL17517.nasl - Type : ACT_GATHER_INFO |
2016-05-20 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-599.nasl - Type : ACT_GATHER_INFO |
2016-05-19 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1311-1.nasl - Type : ACT_GATHER_INFO |
2016-05-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2016-0780.nasl - Type : ACT_GATHER_INFO |
2016-05-16 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1291-1.nasl - Type : ACT_GATHER_INFO |
2016-05-16 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2016-0780.nasl - Type : ACT_GATHER_INFO |
2016-05-13 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1278-1.nasl - Type : ACT_GATHER_INFO |
2016-05-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0780.nasl - Type : ACT_GATHER_INFO |
2016-05-09 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-1247-1.nasl - Type : ACT_GATHER_INFO |
2016-05-05 | Name : The remote NTP server is affected by multiple vulnerabilities. File : ntp_4_2_8p7.nasl - Type : ACT_GATHER_INFO |
2016-05-02 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2016-120-01.nasl - Type : ACT_GATHER_INFO |
2016-04-27 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_b2487d9a0c3011e6acd0d050996490d0.nasl - Type : ACT_GATHER_INFO |
2016-04-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201604-03.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote Fedora host is missing a security update. File : fedora_2016-34bc10a2c8.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote Fedora host is missing a security update. File : fedora_2015-f5f5ec7b6b.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote Fedora host is missing a security update. File : fedora_2015-77bfbc1bcd.nasl - Type : ACT_GATHER_INFO |
2016-02-18 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL17516.nasl - Type : ACT_GATHER_INFO |
2016-01-28 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL17518.nasl - Type : ACT_GATHER_INFO |
2016-01-22 | Name : The remote AIX host is missing a security patch. File : aix_IV79946.nasl - Type : ACT_GATHER_INFO |
2016-01-22 | Name : The remote AIX host is missing a security patch. File : aix_IV79945.nasl - Type : ACT_GATHER_INFO |
2016-01-22 | Name : The remote AIX host is missing a security patch. File : aix_IV79944.nasl - Type : ACT_GATHER_INFO |
2016-01-22 | Name : The remote AIX host is missing a security patch. File : aix_IV79943.nasl - Type : ACT_GATHER_INFO |
2016-01-22 | Name : The remote AIX host is missing a security patch. File : aix_IV79942.nasl - Type : ACT_GATHER_INFO |
2015-11-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-2520.nasl - Type : ACT_GATHER_INFO |
2015-11-23 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-2058-1.nasl - Type : ACT_GATHER_INFO |
2015-11-20 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-767.nasl - Type : ACT_GATHER_INFO |
2015-11-06 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL17566.nasl - Type : ACT_GATHER_INFO |
2015-11-06 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL17530.nasl - Type : ACT_GATHER_INFO |
2015-11-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3388.nasl - Type : ACT_GATHER_INFO |
2015-10-30 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2015-302-03.nasl - Type : ACT_GATHER_INFO |
2015-10-29 | Name : The remote Debian host is missing a security update. File : debian_DLA-335.nasl - Type : ACT_GATHER_INFO |
2015-10-29 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-607.nasl - Type : ACT_GATHER_INFO |
2015-10-28 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2783-1.nasl - Type : ACT_GATHER_INFO |
2015-10-28 | Name : The remote NTP server is affected by multiple vulnerabilities. File : ntp_4_2_8p4.nasl - Type : ACT_GATHER_INFO |
2015-10-27 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20151026_ntp_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2015-10-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1930.nasl - Type : ACT_GATHER_INFO |
2015-10-27 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2015-0140.nasl - Type : ACT_GATHER_INFO |
2015-10-27 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-1930.nasl - Type : ACT_GATHER_INFO |
2015-10-27 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-1930.nasl - Type : ACT_GATHER_INFO |
2015-10-22 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_c4a18a1277fc11e5a687206a8a720317.nasl - Type : ACT_GATHER_INFO |
2015-09-03 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-593.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2021-08-05 01:49:23 |
|
2015-10-22 05:21:26 |
|