All the vulnerabilites related to suse - manager_proxy
cve-2016-1285
Vulnerability from cvelistv5
Published
2016-03-09 23:00
Modified
2024-08-05 22:48
Severity ?
Summary
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.
References
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlx_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.htmlvendor-advisory, x_refsource_FEDORA
http://www.debian.org/security/2016/dsa-3511vendor-advisory, x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.htmlvendor-advisory, x_refsource_SUSE
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.ascvendor-advisory, x_refsource_FREEBSD
https://kb.isc.org/article/AA-01438x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2925-1vendor-advisory, x_refsource_UBUNTU
https://kb.isc.org/article/AA-01352x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlx_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-0562.htmlvendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.htmlvendor-advisory, x_refsource_SUSE
https://security.gentoo.org/glsa/201610-07vendor-advisory, x_refsource_GENTOO
http://www.securitytracker.com/id/1035236vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.htmlvendor-advisory, x_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.htmlvendor-advisory, x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.htmlvendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=146191105921542&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.htmlvendor-advisory, x_refsource_SUSE
https://kb.isc.org/article/AA-01380x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.htmlvendor-advisory, x_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.htmlvendor-advisory, x_refsource_FEDORA
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.htmlx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.htmlvendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0601.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=146191105921542&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.htmlvendor-advisory, x_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.htmlvendor-advisory, x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.htmlvendor-advisory, x_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.htmlvendor-advisory, x_refsource_FEDORA
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2016-1285",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-23T17:28:36.470367Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-23T17:28:43.535Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:48:13.763Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "FEDORA-2016-5047abe4a9",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html"
          },
          {
            "name": "DSA-3511",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3511"
          },
          {
            "name": "SUSE-SU-2016:0780",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.html"
          },
          {
            "name": "FreeBSD-SA-16:13",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01438"
          },
          {
            "name": "USN-2925-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2925-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01352"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "name": "RHSA-2016:0562",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0562.html"
          },
          {
            "name": "openSUSE-SU-2016:0830",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.html"
          },
          {
            "name": "GLSA-201610-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201610-07"
          },
          {
            "name": "1035236",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035236"
          },
          {
            "name": "SUSE-SU-2016:1541",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.html"
          },
          {
            "name": "FEDORA-2016-364c0a9df4",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html"
          },
          {
            "name": "openSUSE-SU-2016:0834",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html"
          },
          {
            "name": "HPSBUX03583",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=146191105921542\u0026w=2"
          },
          {
            "name": "SUSE-SU-2016:0759",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01380"
          },
          {
            "name": "FEDORA-2016-dce6dbe6a8",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html"
          },
          {
            "name": "FEDORA-2016-b593e84223",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
          },
          {
            "name": "SUSE-SU-2016:0825",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.html"
          },
          {
            "name": "RHSA-2016:0601",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0601.html"
          },
          {
            "name": "SSRT110084",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=146191105921542\u0026w=2"
          },
          {
            "name": "openSUSE-SU-2016:0859",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.html"
          },
          {
            "name": "FEDORA-2016-161b73fc2c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html"
          },
          {
            "name": "openSUSE-SU-2016:0827",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.html"
          },
          {
            "name": "FEDORA-2016-75f31fbb0a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-20T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "FEDORA-2016-5047abe4a9",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html"
        },
        {
          "name": "DSA-3511",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3511"
        },
        {
          "name": "SUSE-SU-2016:0780",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.html"
        },
        {
          "name": "FreeBSD-SA-16:13",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01438"
        },
        {
          "name": "USN-2925-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2925-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01352"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
        },
        {
          "name": "RHSA-2016:0562",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0562.html"
        },
        {
          "name": "openSUSE-SU-2016:0830",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.html"
        },
        {
          "name": "GLSA-201610-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201610-07"
        },
        {
          "name": "1035236",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035236"
        },
        {
          "name": "SUSE-SU-2016:1541",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.html"
        },
        {
          "name": "FEDORA-2016-364c0a9df4",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html"
        },
        {
          "name": "openSUSE-SU-2016:0834",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html"
        },
        {
          "name": "HPSBUX03583",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=146191105921542\u0026w=2"
        },
        {
          "name": "SUSE-SU-2016:0759",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01380"
        },
        {
          "name": "FEDORA-2016-dce6dbe6a8",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html"
        },
        {
          "name": "FEDORA-2016-b593e84223",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
        },
        {
          "name": "SUSE-SU-2016:0825",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.html"
        },
        {
          "name": "RHSA-2016:0601",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0601.html"
        },
        {
          "name": "SSRT110084",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=146191105921542\u0026w=2"
        },
        {
          "name": "openSUSE-SU-2016:0859",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.html"
        },
        {
          "name": "FEDORA-2016-161b73fc2c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html"
        },
        {
          "name": "openSUSE-SU-2016:0827",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.html"
        },
        {
          "name": "FEDORA-2016-75f31fbb0a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-1285",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "FEDORA-2016-5047abe4a9",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html"
            },
            {
              "name": "DSA-3511",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3511"
            },
            {
              "name": "SUSE-SU-2016:0780",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.html"
            },
            {
              "name": "FreeBSD-SA-16:13",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.asc"
            },
            {
              "name": "https://kb.isc.org/article/AA-01438",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01438"
            },
            {
              "name": "USN-2925-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2925-1"
            },
            {
              "name": "https://kb.isc.org/article/AA-01352",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01352"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
            },
            {
              "name": "RHSA-2016:0562",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0562.html"
            },
            {
              "name": "openSUSE-SU-2016:0830",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.html"
            },
            {
              "name": "GLSA-201610-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201610-07"
            },
            {
              "name": "1035236",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035236"
            },
            {
              "name": "SUSE-SU-2016:1541",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.html"
            },
            {
              "name": "FEDORA-2016-364c0a9df4",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html"
            },
            {
              "name": "openSUSE-SU-2016:0834",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html"
            },
            {
              "name": "HPSBUX03583",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=146191105921542\u0026w=2"
            },
            {
              "name": "SUSE-SU-2016:0759",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.html"
            },
            {
              "name": "https://kb.isc.org/article/AA-01380",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01380"
            },
            {
              "name": "FEDORA-2016-dce6dbe6a8",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html"
            },
            {
              "name": "FEDORA-2016-b593e84223",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "name": "SUSE-SU-2016:0825",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.html"
            },
            {
              "name": "RHSA-2016:0601",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0601.html"
            },
            {
              "name": "SSRT110084",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=146191105921542\u0026w=2"
            },
            {
              "name": "openSUSE-SU-2016:0859",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.html"
            },
            {
              "name": "FEDORA-2016-161b73fc2c",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html"
            },
            {
              "name": "openSUSE-SU-2016:0827",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.html"
            },
            {
              "name": "FEDORA-2016-75f31fbb0a",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-1285",
    "datePublished": "2016-03-09T23:00:00",
    "dateReserved": "2016-01-04T00:00:00",
    "dateUpdated": "2024-08-05T22:48:13.763Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-4957
Vulnerability from cvelistv5
Published
2016-07-05 01:00
Modified
2024-08-06 00:46
Severity ?
Summary
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.
References
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.htmlvendor-advisory, x_refsource_SUSE
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.ascvendor-advisory, x_refsource_FREEBSD
http://bugs.ntp.org/3046x_refsource_CONFIRM
http://www.securitytracker.com/id/1036037vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.htmlvendor-advisory, x_refsource_SUSE
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlx_refsource_CONFIRM
http://www.kb.cert.org/vuls/id/321640third-party-advisory, x_refsource_CERT-VN
http://support.ntp.org/bin/view/Main/SecurityNoticex_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.htmlvendor-advisory, x_refsource_SUSE
http://support.ntp.org/bin/view/Main/NtpBug3046x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.htmlvendor-advisory, x_refsource_SUSE
https://security.gentoo.org/glsa/201607-15vendor-advisory, x_refsource_GENTOO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:46:40.165Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2016:1602",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
          },
          {
            "name": "openSUSE-SU-2016:1583",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
          },
          {
            "name": "FreeBSD-SA-16:24",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.ntp.org/3046"
          },
          {
            "name": "1036037",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036037"
          },
          {
            "name": "SUSE-SU-2016:1584",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "VU#321640",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/321640"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
          },
          {
            "name": "openSUSE-SU-2016:1636",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/NtpBug3046"
          },
          {
            "name": "SUSE-SU-2016:1563",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
          },
          {
            "name": "GLSA-201607-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201607-15"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-20T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SU-2016:1602",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
        },
        {
          "name": "openSUSE-SU-2016:1583",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
        },
        {
          "name": "FreeBSD-SA-16:24",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.ntp.org/3046"
        },
        {
          "name": "1036037",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036037"
        },
        {
          "name": "SUSE-SU-2016:1584",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "VU#321640",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/321640"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
        },
        {
          "name": "openSUSE-SU-2016:1636",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/NtpBug3046"
        },
        {
          "name": "SUSE-SU-2016:1563",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
        },
        {
          "name": "GLSA-201607-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201607-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-4957",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SU-2016:1602",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
            },
            {
              "name": "openSUSE-SU-2016:1583",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
            },
            {
              "name": "FreeBSD-SA-16:24",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
            },
            {
              "name": "http://bugs.ntp.org/3046",
              "refsource": "CONFIRM",
              "url": "http://bugs.ntp.org/3046"
            },
            {
              "name": "1036037",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036037"
            },
            {
              "name": "SUSE-SU-2016:1584",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "VU#321640",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/321640"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
            },
            {
              "name": "openSUSE-SU-2016:1636",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/NtpBug3046",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3046"
            },
            {
              "name": "SUSE-SU-2016:1563",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
            },
            {
              "name": "GLSA-201607-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201607-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-4957",
    "datePublished": "2016-07-05T01:00:00",
    "dateReserved": "2016-05-23T00:00:00",
    "dateUpdated": "2024-08-06T00:46:40.165Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-4955
Vulnerability from cvelistv5
Published
2016-07-05 01:00
Modified
2024-08-06 00:46
Severity ?
Summary
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.
References
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.htmlvendor-advisory, x_refsource_SUSE
http://www.ubuntu.com/usn/USN-3096-1vendor-advisory, x_refsource_UBUNTU
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/vendor-advisory, x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.htmlvendor-advisory, x_refsource_SUSE
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.ascvendor-advisory, x_refsource_FREEBSD
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.htmlvendor-advisory, x_refsource_SUSE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/vendor-advisory, x_refsource_FEDORA
http://www.securityfocus.com/bid/91007vdb-entry, x_refsource_BID
http://support.ntp.org/bin/view/Main/NtpBug3043x_refsource_CONFIRM
http://www.securitytracker.com/id/1036037vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.htmlvendor-advisory, x_refsource_SUSE
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.htmlvendor-advisory, x_refsource_SUSE
http://bugs.ntp.org/3043x_refsource_CONFIRM
http://www.kb.cert.org/vuls/id/321640third-party-advisory, x_refsource_CERT-VN
http://support.ntp.org/bin/view/Main/SecurityNoticex_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/vendor-advisory, x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.htmlvendor-advisory, x_refsource_SUSE
https://security.gentoo.org/glsa/201607-15vendor-advisory, x_refsource_GENTOO
http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.htmlx_refsource_MISC
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpdvendor-advisory, x_refsource_CISCO
http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.htmlx_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.htmlvendor-advisory, x_refsource_SUSE
http://www.securityfocus.com/archive/1/538599/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/538600/100/0/threadedmailing-list, x_refsource_BUGTRAQ
https://www.kb.cert.org/vuls/id/321640third-party-advisory, x_refsource_CERT-VN
http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threadedmailing-list, x_refsource_BUGTRAQ
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdfx_refsource_CONFIRM
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11x_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:46:39.886Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2016:1602",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
          },
          {
            "name": "USN-3096-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3096-1"
          },
          {
            "name": "FEDORA-2016-c3bd6a3496",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
          },
          {
            "name": "openSUSE-SU-2016:1583",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
          },
          {
            "name": "FreeBSD-SA-16:24",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
          },
          {
            "name": "SUSE-SU-2016:1912",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
          },
          {
            "name": "FEDORA-2016-89e0874533",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
          },
          {
            "name": "91007",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91007"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/NtpBug3043"
          },
          {
            "name": "1036037",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036037"
          },
          {
            "name": "SUSE-SU-2016:1584",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "SUSE-SU-2016:2094",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.ntp.org/3043"
          },
          {
            "name": "VU#321640",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/321640"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
          },
          {
            "name": "FEDORA-2016-50b0066b7f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
          },
          {
            "name": "openSUSE-SU-2016:1636",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
          },
          {
            "name": "SUSE-SU-2016:1563",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
          },
          {
            "name": "GLSA-201607-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201607-15"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
          },
          {
            "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
          },
          {
            "name": "SUSE-SU-2016:1568",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
          },
          {
            "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
          },
          {
            "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
          },
          {
            "name": "VU#321640",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/321640"
          },
          {
            "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
          },
          {
            "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-16T12:00:04",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SU-2016:1602",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
        },
        {
          "name": "USN-3096-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3096-1"
        },
        {
          "name": "FEDORA-2016-c3bd6a3496",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
        },
        {
          "name": "openSUSE-SU-2016:1583",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
        },
        {
          "name": "FreeBSD-SA-16:24",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
        },
        {
          "name": "SUSE-SU-2016:1912",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
        },
        {
          "name": "FEDORA-2016-89e0874533",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
        },
        {
          "name": "91007",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91007"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/NtpBug3043"
        },
        {
          "name": "1036037",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036037"
        },
        {
          "name": "SUSE-SU-2016:1584",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "SUSE-SU-2016:2094",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.ntp.org/3043"
        },
        {
          "name": "VU#321640",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/321640"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
        },
        {
          "name": "FEDORA-2016-50b0066b7f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
        },
        {
          "name": "openSUSE-SU-2016:1636",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
        },
        {
          "name": "SUSE-SU-2016:1563",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
        },
        {
          "name": "GLSA-201607-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201607-15"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
        },
        {
          "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
        },
        {
          "name": "SUSE-SU-2016:1568",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
        },
        {
          "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
        },
        {
          "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
        },
        {
          "name": "VU#321640",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/321640"
        },
        {
          "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
        },
        {
          "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-4955",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SU-2016:1602",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
            },
            {
              "name": "USN-3096-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3096-1"
            },
            {
              "name": "FEDORA-2016-c3bd6a3496",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
            },
            {
              "name": "openSUSE-SU-2016:1583",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
            },
            {
              "name": "FreeBSD-SA-16:24",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
            },
            {
              "name": "SUSE-SU-2016:1912",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "name": "FEDORA-2016-89e0874533",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
            },
            {
              "name": "91007",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91007"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/NtpBug3043",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3043"
            },
            {
              "name": "1036037",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036037"
            },
            {
              "name": "SUSE-SU-2016:1584",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "SUSE-SU-2016:2094",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "name": "http://bugs.ntp.org/3043",
              "refsource": "CONFIRM",
              "url": "http://bugs.ntp.org/3043"
            },
            {
              "name": "VU#321640",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/321640"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
            },
            {
              "name": "FEDORA-2016-50b0066b7f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
            },
            {
              "name": "openSUSE-SU-2016:1636",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
            },
            {
              "name": "SUSE-SU-2016:1563",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
            },
            {
              "name": "GLSA-201607-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201607-15"
            },
            {
              "name": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
            },
            {
              "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
            },
            {
              "name": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
            },
            {
              "name": "SUSE-SU-2016:1568",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
            },
            {
              "name": "VU#321640",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/321640"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-4955",
    "datePublished": "2016-07-05T01:00:00",
    "dateReserved": "2016-05-23T00:00:00",
    "dateUpdated": "2024-08-06T00:46:39.886Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-4956
Vulnerability from cvelistv5
Published
2016-07-05 01:00
Modified
2024-08-06 00:46
Severity ?
Summary
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.
References
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.htmlvendor-advisory, x_refsource_SUSE
http://www.ubuntu.com/usn/USN-3096-1vendor-advisory, x_refsource_UBUNTU
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/vendor-advisory, x_refsource_FEDORA
http://www.securityfocus.com/bid/91009vdb-entry, x_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.htmlvendor-advisory, x_refsource_SUSE
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.ascvendor-advisory, x_refsource_FREEBSD
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.htmlvendor-advisory, x_refsource_SUSE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/vendor-advisory, x_refsource_FEDORA
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03757en_usx_refsource_CONFIRM
http://www.securitytracker.com/id/1036037vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.htmlvendor-advisory, x_refsource_SUSE
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlx_refsource_CONFIRM
http://support.ntp.org/bin/view/Main/NtpBug3042x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.htmlvendor-advisory, x_refsource_SUSE
http://bugs.ntp.org/3042x_refsource_CONFIRM
http://www.kb.cert.org/vuls/id/321640third-party-advisory, x_refsource_CERT-VN
http://support.ntp.org/bin/view/Main/SecurityNoticex_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/vendor-advisory, x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.htmlvendor-advisory, x_refsource_SUSE
https://security.gentoo.org/glsa/201607-15vendor-advisory, x_refsource_GENTOO
http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.htmlx_refsource_MISC
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpdvendor-advisory, x_refsource_CISCO
http://www.securityfocus.com/archive/1/540683/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.htmlvendor-advisory, x_refsource_SUSE
http://www.securityfocus.com/archive/1/538599/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/538600/100/0/threadedmailing-list, x_refsource_BUGTRAQ
https://www.kb.cert.org/vuls/id/321640third-party-advisory, x_refsource_CERT-VN
http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threadedmailing-list, x_refsource_BUGTRAQ
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdfx_refsource_CONFIRM
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11x_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:46:40.189Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2016:1602",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
          },
          {
            "name": "USN-3096-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3096-1"
          },
          {
            "name": "FEDORA-2016-c3bd6a3496",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
          },
          {
            "name": "91009",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91009"
          },
          {
            "name": "openSUSE-SU-2016:1583",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
          },
          {
            "name": "FreeBSD-SA-16:24",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
          },
          {
            "name": "SUSE-SU-2016:1912",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
          },
          {
            "name": "FEDORA-2016-89e0874533",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
          },
          {
            "name": "1036037",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036037"
          },
          {
            "name": "SUSE-SU-2016:1584",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/NtpBug3042"
          },
          {
            "name": "SUSE-SU-2016:2094",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.ntp.org/3042"
          },
          {
            "name": "VU#321640",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/321640"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
          },
          {
            "name": "FEDORA-2016-50b0066b7f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
          },
          {
            "name": "openSUSE-SU-2016:1636",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
          },
          {
            "name": "SUSE-SU-2016:1563",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
          },
          {
            "name": "GLSA-201607-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201607-15"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
          },
          {
            "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
          },
          {
            "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
          },
          {
            "name": "SUSE-SU-2016:1568",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
          },
          {
            "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
          },
          {
            "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
          },
          {
            "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
          },
          {
            "name": "VU#321640",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/321640"
          },
          {
            "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
          },
          {
            "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-16T12:00:13",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SU-2016:1602",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
        },
        {
          "name": "USN-3096-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3096-1"
        },
        {
          "name": "FEDORA-2016-c3bd6a3496",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
        },
        {
          "name": "91009",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91009"
        },
        {
          "name": "openSUSE-SU-2016:1583",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
        },
        {
          "name": "FreeBSD-SA-16:24",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
        },
        {
          "name": "SUSE-SU-2016:1912",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
        },
        {
          "name": "FEDORA-2016-89e0874533",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
        },
        {
          "name": "1036037",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036037"
        },
        {
          "name": "SUSE-SU-2016:1584",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/NtpBug3042"
        },
        {
          "name": "SUSE-SU-2016:2094",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.ntp.org/3042"
        },
        {
          "name": "VU#321640",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/321640"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
        },
        {
          "name": "FEDORA-2016-50b0066b7f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
        },
        {
          "name": "openSUSE-SU-2016:1636",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
        },
        {
          "name": "SUSE-SU-2016:1563",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
        },
        {
          "name": "GLSA-201607-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201607-15"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
        },
        {
          "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
        },
        {
          "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
        },
        {
          "name": "SUSE-SU-2016:1568",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
        },
        {
          "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
        },
        {
          "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
        },
        {
          "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
        },
        {
          "name": "VU#321640",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/321640"
        },
        {
          "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
        },
        {
          "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-4956",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SU-2016:1602",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
            },
            {
              "name": "USN-3096-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3096-1"
            },
            {
              "name": "FEDORA-2016-c3bd6a3496",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
            },
            {
              "name": "91009",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91009"
            },
            {
              "name": "openSUSE-SU-2016:1583",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
            },
            {
              "name": "FreeBSD-SA-16:24",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
            },
            {
              "name": "SUSE-SU-2016:1912",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "name": "FEDORA-2016-89e0874533",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
            },
            {
              "name": "1036037",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036037"
            },
            {
              "name": "SUSE-SU-2016:1584",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/NtpBug3042",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3042"
            },
            {
              "name": "SUSE-SU-2016:2094",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "name": "http://bugs.ntp.org/3042",
              "refsource": "CONFIRM",
              "url": "http://bugs.ntp.org/3042"
            },
            {
              "name": "VU#321640",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/321640"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
            },
            {
              "name": "FEDORA-2016-50b0066b7f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
            },
            {
              "name": "openSUSE-SU-2016:1636",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
            },
            {
              "name": "SUSE-SU-2016:1563",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
            },
            {
              "name": "GLSA-201607-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201607-15"
            },
            {
              "name": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
            },
            {
              "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
            },
            {
              "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
            },
            {
              "name": "SUSE-SU-2016:1568",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
            },
            {
              "name": "VU#321640",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/321640"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-4956",
    "datePublished": "2016-07-05T01:00:00",
    "dateReserved": "2016-05-23T00:00:00",
    "dateUpdated": "2024-08-06T00:46:40.189Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-27239
Vulnerability from cvelistv5
Published
2022-04-27 00:00
Modified
2024-08-03 05:25
Severity ?
Summary
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
References
https://bugzilla.suse.com/show_bug.cgi?id=1197216
http://wiki.robotz.com/index.php/Linux_CIFS_Utils_and_Samba
https://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765
https://bugzilla.samba.org/show_bug.cgi?id=15025
https://github.com/piastry/cifs-utils/pull/7
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIYZ4L6SLSYJQ446VJAO2VGAESURQNSP/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXKZLJYJJEC3TIBFLXUORRMZUKG5W676/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WBOLMANBYJILXQKRRK7OCR774PXJAYY/vendor-advisory
https://lists.debian.org/debian-lts-announce/2022/05/msg00020.htmlmailing-list
https://www.debian.org/security/2022/dsa-5157vendor-advisory
https://security.gentoo.org/glsa/202311-05vendor-advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:25:32.591Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1197216"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://wiki.robotz.com/index.php/Linux_CIFS_Utils_and_Samba"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.samba.org/show_bug.cgi?id=15025"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/piastry/cifs-utils/pull/7"
          },
          {
            "name": "FEDORA-2022-eb2d3ca94d",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIYZ4L6SLSYJQ446VJAO2VGAESURQNSP/"
          },
          {
            "name": "FEDORA-2022-7fda04ab5a",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXKZLJYJJEC3TIBFLXUORRMZUKG5W676/"
          },
          {
            "name": "FEDORA-2022-34de4f833d",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WBOLMANBYJILXQKRRK7OCR774PXJAYY/"
          },
          {
            "name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3009-1] cifs-utils security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00020.html"
          },
          {
            "name": "DSA-5157",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5157"
          },
          {
            "name": "GLSA-202311-05",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202311-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-24T15:06:24.937043",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1197216"
        },
        {
          "url": "http://wiki.robotz.com/index.php/Linux_CIFS_Utils_and_Samba"
        },
        {
          "url": "https://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765"
        },
        {
          "url": "https://bugzilla.samba.org/show_bug.cgi?id=15025"
        },
        {
          "url": "https://github.com/piastry/cifs-utils/pull/7"
        },
        {
          "name": "FEDORA-2022-eb2d3ca94d",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIYZ4L6SLSYJQ446VJAO2VGAESURQNSP/"
        },
        {
          "name": "FEDORA-2022-7fda04ab5a",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXKZLJYJJEC3TIBFLXUORRMZUKG5W676/"
        },
        {
          "name": "FEDORA-2022-34de4f833d",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WBOLMANBYJILXQKRRK7OCR774PXJAYY/"
        },
        {
          "name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3009-1] cifs-utils security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00020.html"
        },
        {
          "name": "DSA-5157",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5157"
        },
        {
          "name": "GLSA-202311-05",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202311-05"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-27239",
    "datePublished": "2022-04-27T00:00:00",
    "dateReserved": "2022-03-18T00:00:00",
    "dateUpdated": "2024-08-03T05:25:32.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-1286
Vulnerability from cvelistv5
Published
2016-03-09 23:00
Modified
2024-08-05 22:48
Severity ?
Summary
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.
References
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlx_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.htmlvendor-advisory, x_refsource_FEDORA
http://www.debian.org/security/2016/dsa-3511vendor-advisory, x_refsource_DEBIAN
http://www.securitytracker.com/id/1035237vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.htmlvendor-advisory, x_refsource_SUSE
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.ascvendor-advisory, x_refsource_FREEBSD
https://kb.isc.org/article/AA-01438x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2925-1vendor-advisory, x_refsource_UBUNTU
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlx_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-0562.htmlvendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.htmlvendor-advisory, x_refsource_SUSE
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlx_refsource_CONFIRM
https://security.gentoo.org/glsa/201610-07vendor-advisory, x_refsource_GENTOO
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.htmlvendor-advisory, x_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.htmlvendor-advisory, x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.htmlvendor-advisory, x_refsource_SUSE
http://marc.info/?l=bugtraq&m=146191105921542&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.htmlvendor-advisory, x_refsource_SUSE
https://kb.isc.org/article/AA-01380x_refsource_CONFIRM
https://kb.isc.org/article/AA-01353x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.htmlvendor-advisory, x_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.htmlvendor-advisory, x_refsource_FEDORA
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.htmlvendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0601.htmlvendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=146191105921542&w=2vendor-advisory, x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.htmlvendor-advisory, x_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.htmlvendor-advisory, x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.htmlvendor-advisory, x_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.htmlvendor-advisory, x_refsource_FEDORA
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:48:13.712Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "FEDORA-2016-5047abe4a9",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html"
          },
          {
            "name": "DSA-3511",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3511"
          },
          {
            "name": "1035237",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035237"
          },
          {
            "name": "SUSE-SU-2016:0780",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.html"
          },
          {
            "name": "FreeBSD-SA-16:13",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01438"
          },
          {
            "name": "USN-2925-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2925-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "name": "RHSA-2016:0562",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0562.html"
          },
          {
            "name": "openSUSE-SU-2016:0830",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "GLSA-201610-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201610-07"
          },
          {
            "name": "SUSE-SU-2016:1541",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.html"
          },
          {
            "name": "FEDORA-2016-364c0a9df4",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html"
          },
          {
            "name": "openSUSE-SU-2016:0834",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html"
          },
          {
            "name": "HPSBUX03583",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=146191105921542\u0026w=2"
          },
          {
            "name": "SUSE-SU-2016:0759",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01380"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/article/AA-01353"
          },
          {
            "name": "FEDORA-2016-dce6dbe6a8",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html"
          },
          {
            "name": "FEDORA-2016-b593e84223",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821"
          },
          {
            "name": "SUSE-SU-2016:0825",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.html"
          },
          {
            "name": "RHSA-2016:0601",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0601.html"
          },
          {
            "name": "SSRT110084",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=146191105921542\u0026w=2"
          },
          {
            "name": "openSUSE-SU-2016:0859",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.html"
          },
          {
            "name": "FEDORA-2016-161b73fc2c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html"
          },
          {
            "name": "openSUSE-SU-2016:0827",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.html"
          },
          {
            "name": "FEDORA-2016-75f31fbb0a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-20T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "FEDORA-2016-5047abe4a9",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html"
        },
        {
          "name": "DSA-3511",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3511"
        },
        {
          "name": "1035237",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035237"
        },
        {
          "name": "SUSE-SU-2016:0780",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.html"
        },
        {
          "name": "FreeBSD-SA-16:13",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01438"
        },
        {
          "name": "USN-2925-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2925-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
        },
        {
          "name": "RHSA-2016:0562",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0562.html"
        },
        {
          "name": "openSUSE-SU-2016:0830",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "GLSA-201610-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201610-07"
        },
        {
          "name": "SUSE-SU-2016:1541",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.html"
        },
        {
          "name": "FEDORA-2016-364c0a9df4",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html"
        },
        {
          "name": "openSUSE-SU-2016:0834",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html"
        },
        {
          "name": "HPSBUX03583",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=146191105921542\u0026w=2"
        },
        {
          "name": "SUSE-SU-2016:0759",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01380"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/article/AA-01353"
        },
        {
          "name": "FEDORA-2016-dce6dbe6a8",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html"
        },
        {
          "name": "FEDORA-2016-b593e84223",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821"
        },
        {
          "name": "SUSE-SU-2016:0825",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.html"
        },
        {
          "name": "RHSA-2016:0601",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0601.html"
        },
        {
          "name": "SSRT110084",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=146191105921542\u0026w=2"
        },
        {
          "name": "openSUSE-SU-2016:0859",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.html"
        },
        {
          "name": "FEDORA-2016-161b73fc2c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html"
        },
        {
          "name": "openSUSE-SU-2016:0827",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.html"
        },
        {
          "name": "FEDORA-2016-75f31fbb0a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-1286",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "FEDORA-2016-5047abe4a9",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html"
            },
            {
              "name": "DSA-3511",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3511"
            },
            {
              "name": "1035237",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035237"
            },
            {
              "name": "SUSE-SU-2016:0780",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.html"
            },
            {
              "name": "FreeBSD-SA-16:13",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.asc"
            },
            {
              "name": "https://kb.isc.org/article/AA-01438",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01438"
            },
            {
              "name": "USN-2925-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2925-1"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
            },
            {
              "name": "RHSA-2016:0562",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0562.html"
            },
            {
              "name": "openSUSE-SU-2016:0830",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "GLSA-201610-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201610-07"
            },
            {
              "name": "SUSE-SU-2016:1541",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.html"
            },
            {
              "name": "FEDORA-2016-364c0a9df4",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html"
            },
            {
              "name": "openSUSE-SU-2016:0834",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html"
            },
            {
              "name": "HPSBUX03583",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=146191105921542\u0026w=2"
            },
            {
              "name": "SUSE-SU-2016:0759",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.html"
            },
            {
              "name": "https://kb.isc.org/article/AA-01380",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01380"
            },
            {
              "name": "https://kb.isc.org/article/AA-01353",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/article/AA-01353"
            },
            {
              "name": "FEDORA-2016-dce6dbe6a8",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html"
            },
            {
              "name": "FEDORA-2016-b593e84223",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821"
            },
            {
              "name": "SUSE-SU-2016:0825",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.html"
            },
            {
              "name": "RHSA-2016:0601",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0601.html"
            },
            {
              "name": "SSRT110084",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=146191105921542\u0026w=2"
            },
            {
              "name": "openSUSE-SU-2016:0859",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.html"
            },
            {
              "name": "FEDORA-2016-161b73fc2c",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html"
            },
            {
              "name": "openSUSE-SU-2016:0827",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.html"
            },
            {
              "name": "FEDORA-2016-75f31fbb0a",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-1286",
    "datePublished": "2016-03-09T23:00:00",
    "dateReserved": "2016-01-04T00:00:00",
    "dateUpdated": "2024-08-05T22:48:13.712Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-4034
Vulnerability from cvelistv5
Published
2022-01-28 00:00
Modified
2024-11-04 14:58
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
References
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
https://bugzilla.redhat.com/show_bug.cgi?id=2025869
https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
https://www.oracle.com/security-alerts/cpuapr2022.html
http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html
http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html
https://www.suse.com/support/kb/doc/?id=000020564
https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf
https://www.starwindsoftware.com/security/sw-20220818-0001/
https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-09-23T18:05:54.355Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.vicarius.io/vsociety/posts/pwnkit-pkexec-lpe-cve-2021-4034"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.suse.com/support/kb/doc/?id=000020564"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.starwindsoftware.com/security/sw-20220818-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-4034",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-04T14:58:14.217207Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-06-27",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-4034"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-04T14:58:43.983Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "polkit",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "all"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A local privilege escalation vulnerability was found on polkit\u0027s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn\u0027t handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it\u0027ll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "(CWE-787|CWE-125)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-11T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
        },
        {
          "url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
        },
        {
          "url": "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html"
        },
        {
          "url": "https://www.suse.com/support/kb/doc/?id=000020564"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf"
        },
        {
          "url": "https://www.starwindsoftware.com/security/sw-20220818-0001/"
        },
        {
          "url": "https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-4034",
    "datePublished": "2022-01-28T00:00:00",
    "dateReserved": "2021-11-29T00:00:00",
    "dateUpdated": "2024-11-04T14:58:43.983Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-3718
Vulnerability from cvelistv5
Published
2016-05-05 18:00
Modified
2024-08-06 00:03
Severity ?
Summary
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
References
http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLogx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.htmlvendor-advisory, x_refsource_SUSE
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlx_refsource_CONFIRM
https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.htmlvendor-advisory, x_refsource_SUSE
http://www.ubuntu.com/usn/USN-2990-1vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.htmlvendor-advisory, x_refsource_SUSE
http://www.securityfocus.com/archive/1/538378/100/0/threadedmailing-list, x_refsource_BUGTRAQ
https://www.exploit-db.com/exploits/39767/exploit, x_refsource_EXPLOIT-DB
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.htmlvendor-advisory, x_refsource_SUSE
https://lists.debian.org/debian-lts-announce/2018/06/msg00009.htmlmailing-list, x_refsource_MLIST
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlx_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2016/05/03/18mailing-list, x_refsource_MLIST
https://security.gentoo.org/glsa/201611-21vendor-advisory, x_refsource_GENTOO
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.htmlvendor-advisory, x_refsource_SUSE
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568vendor-advisory, x_refsource_SLACKWARE
https://www.imagemagick.org/script/changelog.phpx_refsource_CONFIRM
http://www.debian.org/security/2016/dsa-3580vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2016-0726.htmlvendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:03:34.460Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
          },
          {
            "name": "openSUSE-SU-2016:1266",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4\u0026t=29588"
          },
          {
            "name": "openSUSE-SU-2016:1326",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html"
          },
          {
            "name": "USN-2990-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2990-1"
          },
          {
            "name": "openSUSE-SU-2016:1261",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
          },
          {
            "name": "20160513 May 2016 - HipChat Server - Critical Security Advisory",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
          },
          {
            "name": "39767",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/39767/"
          },
          {
            "name": "SUSE-SU-2016:1260",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
          },
          {
            "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
          },
          {
            "name": "[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/05/03/18"
          },
          {
            "name": "GLSA-201611-21",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201611-21"
          },
          {
            "name": "SUSE-SU-2016:1275",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
          },
          {
            "name": "SSA:2016-132-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.440568"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.imagemagick.org/script/changelog.php"
          },
          {
            "name": "DSA-3580",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3580"
          },
          {
            "name": "RHSA-2016:0726",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
        },
        {
          "name": "openSUSE-SU-2016:1266",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4\u0026t=29588"
        },
        {
          "name": "openSUSE-SU-2016:1326",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html"
        },
        {
          "name": "USN-2990-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2990-1"
        },
        {
          "name": "openSUSE-SU-2016:1261",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
        },
        {
          "name": "20160513 May 2016 - HipChat Server - Critical Security Advisory",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
        },
        {
          "name": "39767",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/39767/"
        },
        {
          "name": "SUSE-SU-2016:1260",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
        },
        {
          "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
        },
        {
          "name": "[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/05/03/18"
        },
        {
          "name": "GLSA-201611-21",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201611-21"
        },
        {
          "name": "SUSE-SU-2016:1275",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
        },
        {
          "name": "SSA:2016-132-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.440568"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.imagemagick.org/script/changelog.php"
        },
        {
          "name": "DSA-3580",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3580"
        },
        {
          "name": "RHSA-2016:0726",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-3718",
    "datePublished": "2016-05-05T18:00:00",
    "dateReserved": "2016-03-30T00:00:00",
    "dateUpdated": "2024-08-06T00:03:34.460Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-4954
Vulnerability from cvelistv5
Published
2016-07-05 01:00
Modified
2024-08-06 00:46
Severity ?
Summary
The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.
References
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.htmlvendor-advisory, x_refsource_SUSE
http://www.ubuntu.com/usn/USN-3096-1vendor-advisory, x_refsource_UBUNTU
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/vendor-advisory, x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.htmlvendor-advisory, x_refsource_SUSE
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.ascvendor-advisory, x_refsource_FREEBSD
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.htmlvendor-advisory, x_refsource_SUSE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/vendor-advisory, x_refsource_FEDORA
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03757en_usx_refsource_CONFIRM
http://www.securitytracker.com/id/1036037vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.htmlvendor-advisory, x_refsource_SUSE
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlx_refsource_CONFIRM
http://support.ntp.org/bin/view/Main/NtpBug3044x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.htmlvendor-advisory, x_refsource_SUSE
http://www.kb.cert.org/vuls/id/321640third-party-advisory, x_refsource_CERT-VN
http://support.ntp.org/bin/view/Main/SecurityNoticex_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/vendor-advisory, x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.htmlvendor-advisory, x_refsource_SUSE
http://bugs.ntp.org/3044x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.htmlvendor-advisory, x_refsource_SUSE
https://security.gentoo.org/glsa/201607-15vendor-advisory, x_refsource_GENTOO
http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.htmlx_refsource_MISC
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpdvendor-advisory, x_refsource_CISCO
http://www.securityfocus.com/archive/1/540683/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.htmlx_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.htmlvendor-advisory, x_refsource_SUSE
http://www.securityfocus.com/archive/1/538599/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/538600/100/0/threadedmailing-list, x_refsource_BUGTRAQ
https://www.kb.cert.org/vuls/id/321640third-party-advisory, x_refsource_CERT-VN
http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threadedmailing-list, x_refsource_BUGTRAQ
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdfx_refsource_CONFIRM
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11x_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdfx_refsource_CONFIRM
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11x_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:46:39.878Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2016:1602",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
          },
          {
            "name": "USN-3096-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3096-1"
          },
          {
            "name": "FEDORA-2016-c3bd6a3496",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
          },
          {
            "name": "openSUSE-SU-2016:1583",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
          },
          {
            "name": "FreeBSD-SA-16:24",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
          },
          {
            "name": "SUSE-SU-2016:1912",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
          },
          {
            "name": "FEDORA-2016-89e0874533",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
          },
          {
            "name": "1036037",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036037"
          },
          {
            "name": "SUSE-SU-2016:1584",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/NtpBug3044"
          },
          {
            "name": "SUSE-SU-2016:2094",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
          },
          {
            "name": "VU#321640",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/321640"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
          },
          {
            "name": "FEDORA-2016-50b0066b7f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
          },
          {
            "name": "openSUSE-SU-2016:1636",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.ntp.org/3044"
          },
          {
            "name": "SUSE-SU-2016:1563",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
          },
          {
            "name": "GLSA-201607-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201607-15"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
          },
          {
            "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
          },
          {
            "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
          },
          {
            "name": "SUSE-SU-2016:1568",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
          },
          {
            "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
          },
          {
            "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
          },
          {
            "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
          },
          {
            "name": "VU#321640",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/321640"
          },
          {
            "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
          },
          {
            "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-16T11:59:55",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SU-2016:1602",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
        },
        {
          "name": "USN-3096-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3096-1"
        },
        {
          "name": "FEDORA-2016-c3bd6a3496",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
        },
        {
          "name": "openSUSE-SU-2016:1583",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
        },
        {
          "name": "FreeBSD-SA-16:24",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
        },
        {
          "name": "SUSE-SU-2016:1912",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
        },
        {
          "name": "FEDORA-2016-89e0874533",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
        },
        {
          "name": "1036037",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036037"
        },
        {
          "name": "SUSE-SU-2016:1584",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/NtpBug3044"
        },
        {
          "name": "SUSE-SU-2016:2094",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
        },
        {
          "name": "VU#321640",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/321640"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
        },
        {
          "name": "FEDORA-2016-50b0066b7f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
        },
        {
          "name": "openSUSE-SU-2016:1636",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.ntp.org/3044"
        },
        {
          "name": "SUSE-SU-2016:1563",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
        },
        {
          "name": "GLSA-201607-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201607-15"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
        },
        {
          "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
        },
        {
          "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
        },
        {
          "name": "SUSE-SU-2016:1568",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
        },
        {
          "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
        },
        {
          "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
        },
        {
          "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
        },
        {
          "name": "VU#321640",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/321640"
        },
        {
          "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
        },
        {
          "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-4954",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SU-2016:1602",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
            },
            {
              "name": "USN-3096-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3096-1"
            },
            {
              "name": "FEDORA-2016-c3bd6a3496",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
            },
            {
              "name": "openSUSE-SU-2016:1583",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
            },
            {
              "name": "FreeBSD-SA-16:24",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
            },
            {
              "name": "SUSE-SU-2016:1912",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "name": "FEDORA-2016-89e0874533",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
            },
            {
              "name": "1036037",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036037"
            },
            {
              "name": "SUSE-SU-2016:1584",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/NtpBug3044",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3044"
            },
            {
              "name": "SUSE-SU-2016:2094",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "name": "VU#321640",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/321640"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
            },
            {
              "name": "FEDORA-2016-50b0066b7f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
            },
            {
              "name": "openSUSE-SU-2016:1636",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
            },
            {
              "name": "http://bugs.ntp.org/3044",
              "refsource": "CONFIRM",
              "url": "http://bugs.ntp.org/3044"
            },
            {
              "name": "SUSE-SU-2016:1563",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
            },
            {
              "name": "GLSA-201607-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201607-15"
            },
            {
              "name": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
            },
            {
              "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
            },
            {
              "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
            },
            {
              "name": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
            },
            {
              "name": "SUSE-SU-2016:1568",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
            },
            {
              "name": "VU#321640",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/321640"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
              "refsource": "CONFIRM",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-4954",
    "datePublished": "2016-07-05T01:00:00",
    "dateReserved": "2016-05-23T00:00:00",
    "dateUpdated": "2024-08-06T00:46:39.878Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-3715
Vulnerability from cvelistv5
Published
2016-05-05 18:00
Modified
2024-08-06 00:03
Severity ?
Summary
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
References
http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLogx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.htmlvendor-advisory, x_refsource_SUSE
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlx_refsource_CONFIRM
https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.htmlvendor-advisory, x_refsource_SUSE
http://www.ubuntu.com/usn/USN-2990-1vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.htmlvendor-advisory, x_refsource_SUSE
http://www.securityfocus.com/archive/1/538378/100/0/threadedmailing-list, x_refsource_BUGTRAQ
https://www.exploit-db.com/exploits/39767/exploit, x_refsource_EXPLOIT-DB
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.htmlvendor-advisory, x_refsource_SUSE
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlx_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2016/05/03/18mailing-list, x_refsource_MLIST
http://www.debian.org/security/2016/dsa-3746vendor-advisory, x_refsource_DEBIAN
https://security.gentoo.org/glsa/201611-21vendor-advisory, x_refsource_GENTOO
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.htmlvendor-advisory, x_refsource_SUSE
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568vendor-advisory, x_refsource_SLACKWARE
https://www.imagemagick.org/script/changelog.phpx_refsource_CONFIRM
http://www.debian.org/security/2016/dsa-3580vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2016-0726.htmlvendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/89852vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:03:34.450Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
          },
          {
            "name": "openSUSE-SU-2016:1266",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4\u0026t=29588"
          },
          {
            "name": "openSUSE-SU-2016:1326",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html"
          },
          {
            "name": "USN-2990-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2990-1"
          },
          {
            "name": "openSUSE-SU-2016:1261",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
          },
          {
            "name": "20160513 May 2016 - HipChat Server - Critical Security Advisory",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
          },
          {
            "name": "39767",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/39767/"
          },
          {
            "name": "SUSE-SU-2016:1260",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
          },
          {
            "name": "[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/05/03/18"
          },
          {
            "name": "DSA-3746",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3746"
          },
          {
            "name": "GLSA-201611-21",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201611-21"
          },
          {
            "name": "SUSE-SU-2016:1275",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
          },
          {
            "name": "SSA:2016-132-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.440568"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.imagemagick.org/script/changelog.php"
          },
          {
            "name": "DSA-3580",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3580"
          },
          {
            "name": "RHSA-2016:0726",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
          },
          {
            "name": "89852",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/89852"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
        },
        {
          "name": "openSUSE-SU-2016:1266",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4\u0026t=29588"
        },
        {
          "name": "openSUSE-SU-2016:1326",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html"
        },
        {
          "name": "USN-2990-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2990-1"
        },
        {
          "name": "openSUSE-SU-2016:1261",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
        },
        {
          "name": "20160513 May 2016 - HipChat Server - Critical Security Advisory",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
        },
        {
          "name": "39767",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/39767/"
        },
        {
          "name": "SUSE-SU-2016:1260",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
        },
        {
          "name": "[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/05/03/18"
        },
        {
          "name": "DSA-3746",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3746"
        },
        {
          "name": "GLSA-201611-21",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201611-21"
        },
        {
          "name": "SUSE-SU-2016:1275",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
        },
        {
          "name": "SSA:2016-132-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.440568"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.imagemagick.org/script/changelog.php"
        },
        {
          "name": "DSA-3580",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3580"
        },
        {
          "name": "RHSA-2016:0726",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
        },
        {
          "name": "89852",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/89852"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-3715",
    "datePublished": "2016-05-05T18:00:00",
    "dateReserved": "2016-03-30T00:00:00",
    "dateUpdated": "2024-08-06T00:03:34.450Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-7995
Vulnerability from cvelistv5
Published
2017-05-03 19:00
Modified
2024-08-05 16:19
Severity ?
Summary
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.
References
http://www.securityfocus.com/bid/98314vdb-entry, x_refsource_BID
https://bugzilla.suse.com/show_bug.cgi?id=1033948x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.htmlx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:19:29.765Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "98314",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98314"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1033948"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-05-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-08T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "98314",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98314"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1033948"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-7995",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "98314",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98314"
            },
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=1033948",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1033948"
            },
            {
              "name": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html",
              "refsource": "CONFIRM",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-7995",
    "datePublished": "2017-05-03T19:00:00",
    "dateReserved": "2017-04-21T00:00:00",
    "dateUpdated": "2024-08-05T16:19:29.765Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-5194
Vulnerability from cvelistv5
Published
2017-07-21 14:00
Modified
2024-08-06 06:41
Severity ?
Summary
The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.
References
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.htmlvendor-advisory, x_refsource_SUSE
https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlx_refsource_CONFIRM
http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=4c4fc141LwvcoGp-lLGhkAFp3ZvtrAx_refsource_CONFIRM
http://www.securityfocus.com/bid/76475vdb-entry, x_refsource_BID
http://www.ubuntu.com/usn/USN-2783-1vendor-advisory, x_refsource_UBUNTU
https://github.com/ntp-project/ntp/commit/553f2fa65865c31c5e3c48812cfd46176cffdd27x_refsource_CONFIRM
https://www-01.ibm.com/support/docview.wss?uid=swg21986956x_refsource_CONFIRM
https://www-01.ibm.com/support/docview.wss?uid=swg21988706x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-2583.htmlvendor-advisory, x_refsource_REDHAT
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.htmlvendor-advisory, x_refsource_FEDORA
http://rhn.redhat.com/errata/RHSA-2016-0780.htmlvendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2015/dsa-3388vendor-advisory, x_refsource_DEBIAN
http://www.openwall.com/lists/oss-security/2015/08/25/3mailing-list, x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=1254542x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.htmlvendor-advisory, x_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.htmlvendor-advisory, x_refsource_FEDORA
https://www-01.ibm.com/support/docview.wss?uid=swg21989542x_refsource_CONFIRM
https://www-01.ibm.com/support/docview.wss?uid=swg21985122x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:41:08.328Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU:2016:1912",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=4c4fc141LwvcoGp-lLGhkAFp3ZvtrA"
          },
          {
            "name": "76475",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/76475"
          },
          {
            "name": "USN-2783-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2783-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/ntp-project/ntp/commit/553f2fa65865c31c5e3c48812cfd46176cffdd27"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706"
          },
          {
            "name": "RHSA-2016:2583",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
          },
          {
            "name": "FEDORA-2015-77bfbc1bcd",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
          },
          {
            "name": "RHSA-2016:0780",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
          },
          {
            "name": "DSA-3388",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3388"
          },
          {
            "name": "[oss-security] 20150825 Several low impact ntp.org ntpd issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/08/25/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1254542"
          },
          {
            "name": "SUSE-SU:2016:2094",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
          },
          {
            "name": "SUSE-SU:2016:1311",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
          },
          {
            "name": "FEDORA-2015-14212",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-07-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-17T16:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SUSE-SU:2016:1912",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=4c4fc141LwvcoGp-lLGhkAFp3ZvtrA"
        },
        {
          "name": "76475",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/76475"
        },
        {
          "name": "USN-2783-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2783-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ntp-project/ntp/commit/553f2fa65865c31c5e3c48812cfd46176cffdd27"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706"
        },
        {
          "name": "RHSA-2016:2583",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
        },
        {
          "name": "FEDORA-2015-77bfbc1bcd",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
        },
        {
          "name": "RHSA-2016:0780",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
        },
        {
          "name": "DSA-3388",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3388"
        },
        {
          "name": "[oss-security] 20150825 Several low impact ntp.org ntpd issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/08/25/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1254542"
        },
        {
          "name": "SUSE-SU:2016:2094",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
        },
        {
          "name": "SUSE-SU:2016:1311",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
        },
        {
          "name": "FEDORA-2015-14212",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-5194",
    "datePublished": "2017-07-21T14:00:00",
    "dateReserved": "2015-07-01T00:00:00",
    "dateUpdated": "2024-08-06T06:41:08.328Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-0264
Vulnerability from cvelistv5
Published
2016-05-24 15:00
Modified
2024-08-05 22:15
Severity ?
Summary
Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.
References
http://www-01.ibm.com/support/docview.wss?uid=swg21980826x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.htmlvendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-1039.htmlvendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0701.htmlvendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.htmlvendor-advisory, x_refsource_SUSE
https://access.redhat.com/errata/RHSA-2016:1430vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0708.htmlvendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.htmlvendor-advisory, x_refsource_SUSE
http://www-01.ibm.com/support/docview.wss?uid=swg1IV84035vendor-advisory, x_refsource_AIXAPAR
http://rhn.redhat.com/errata/RHSA-2016-0716.htmlvendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1035953vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.htmlvendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0702.htmlvendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1216vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:15:23.235Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980826"
          },
          {
            "name": "SUSE-SU-2016:1299",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
          },
          {
            "name": "RHSA-2016:1039",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
          },
          {
            "name": "RHSA-2016:0701",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
          },
          {
            "name": "SUSE-SU-2016:1303",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
          },
          {
            "name": "SUSE-SU-2016:1475",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
          },
          {
            "name": "SUSE-SU-2016:1300",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
          },
          {
            "name": "RHSA-2016:1430",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1430"
          },
          {
            "name": "RHSA-2016:0708",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
          },
          {
            "name": "SUSE-SU-2016:1378",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
          },
          {
            "name": "SUSE-SU-2016:1379",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
          },
          {
            "name": "SUSE-SU-2016:1458",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
          },
          {
            "name": "IV84035",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV84035"
          },
          {
            "name": "RHSA-2016:0716",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
          },
          {
            "name": "1035953",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035953"
          },
          {
            "name": "SUSE-SU-2016:1388",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
          },
          {
            "name": "RHSA-2016:0702",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980826"
        },
        {
          "name": "SUSE-SU-2016:1299",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
        },
        {
          "name": "RHSA-2016:1039",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
        },
        {
          "name": "RHSA-2016:0701",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
        },
        {
          "name": "SUSE-SU-2016:1303",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
        },
        {
          "name": "SUSE-SU-2016:1475",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
        },
        {
          "name": "SUSE-SU-2016:1300",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
        },
        {
          "name": "RHSA-2016:1430",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1430"
        },
        {
          "name": "RHSA-2016:0708",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
        },
        {
          "name": "SUSE-SU-2016:1378",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
        },
        {
          "name": "SUSE-SU-2016:1379",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
        },
        {
          "name": "SUSE-SU-2016:1458",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
        },
        {
          "name": "IV84035",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV84035"
        },
        {
          "name": "RHSA-2016:0716",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
        },
        {
          "name": "1035953",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035953"
        },
        {
          "name": "SUSE-SU-2016:1388",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
        },
        {
          "name": "RHSA-2016:0702",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-0264",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21980826",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980826"
            },
            {
              "name": "SUSE-SU-2016:1299",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
            },
            {
              "name": "RHSA-2016:1039",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
            },
            {
              "name": "RHSA-2016:0701",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
            },
            {
              "name": "SUSE-SU-2016:1303",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
            },
            {
              "name": "SUSE-SU-2016:1475",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
            },
            {
              "name": "SUSE-SU-2016:1300",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
            },
            {
              "name": "RHSA-2016:1430",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1430"
            },
            {
              "name": "RHSA-2016:0708",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
            },
            {
              "name": "SUSE-SU-2016:1378",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
            },
            {
              "name": "SUSE-SU-2016:1379",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
            },
            {
              "name": "SUSE-SU-2016:1458",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
            },
            {
              "name": "IV84035",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV84035"
            },
            {
              "name": "RHSA-2016:0716",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
            },
            {
              "name": "1035953",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035953"
            },
            {
              "name": "SUSE-SU-2016:1388",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
            },
            {
              "name": "RHSA-2016:0702",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-0264",
    "datePublished": "2016-05-24T15:00:00",
    "dateReserved": "2015-12-08T00:00:00",
    "dateUpdated": "2024-08-05T22:15:23.235Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-5219
Vulnerability from cvelistv5
Published
2017-07-21 14:00
Modified
2024-08-06 06:41
Severity ?
Summary
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
References
http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.ascx_refsource_CONFIRM
https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157x_refsource_CONFIRM
https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.htmlvendor-advisory, x_refsource_SUSE
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099409x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlx_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2783-1vendor-advisory, x_refsource_UBUNTU
https://www-01.ibm.com/support/docview.wss?uid=swg21986956x_refsource_CONFIRM
https://www-01.ibm.com/support/docview.wss?uid=swg21988706x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-2583.htmlvendor-advisory, x_refsource_REDHAT
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.htmlvendor-advisory, x_refsource_FEDORA
http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=51786731Gr4-NOrTBC_a_uXO4wuGhgx_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-0780.htmlvendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2015/dsa-3388vendor-advisory, x_refsource_DEBIAN
http://www.openwall.com/lists/oss-security/2015/08/25/3mailing-list, x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=1255118x_refsource_CONFIRM
http://www.securityfocus.com/bid/76473vdb-entry, x_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.htmlvendor-advisory, x_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.htmlvendor-advisory, x_refsource_FEDORA
https://www-01.ibm.com/support/docview.wss?uid=swg21989542x_refsource_CONFIRM
https://www-01.ibm.com/support/docview.wss?uid=swg21985122x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.htmlvendor-advisory, x_refsource_FEDORA
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdfx_refsource_CONFIRM
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:41:08.551Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8"
          },
          {
            "name": "openSUSE-SU:2016:3280",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099409"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "name": "USN-2783-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2783-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706"
          },
          {
            "name": "RHSA-2016:2583",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
          },
          {
            "name": "FEDORA-2015-77bfbc1bcd",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=51786731Gr4-NOrTBC_a_uXO4wuGhg"
          },
          {
            "name": "RHSA-2016:0780",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
          },
          {
            "name": "DSA-3388",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3388"
          },
          {
            "name": "[oss-security] 20150825 Several low impact ntp.org ntpd issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/08/25/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255118"
          },
          {
            "name": "76473",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/76473"
          },
          {
            "name": "SUSE-SU:2016:1311",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
          },
          {
            "name": "FEDORA-2015-14212",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122"
          },
          {
            "name": "FEDORA-2015-14213",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-04-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-15T20:35:47",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8"
        },
        {
          "name": "openSUSE-SU:2016:3280",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099409"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
        },
        {
          "name": "USN-2783-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2783-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706"
        },
        {
          "name": "RHSA-2016:2583",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
        },
        {
          "name": "FEDORA-2015-77bfbc1bcd",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=51786731Gr4-NOrTBC_a_uXO4wuGhg"
        },
        {
          "name": "RHSA-2016:0780",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
        },
        {
          "name": "DSA-3388",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3388"
        },
        {
          "name": "[oss-security] 20150825 Several low impact ntp.org ntpd issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/08/25/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255118"
        },
        {
          "name": "76473",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/76473"
        },
        {
          "name": "SUSE-SU:2016:1311",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
        },
        {
          "name": "FEDORA-2015-14212",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122"
        },
        {
          "name": "FEDORA-2015-14213",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-5219",
    "datePublished": "2017-07-21T14:00:00",
    "dateReserved": "2015-07-01T00:00:00",
    "dateUpdated": "2024-08-06T06:41:08.551Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-3427
Vulnerability from cvelistv5
Published
2016-04-21 10:00
Modified
2024-10-08 15:07
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
References
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.htmlvendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0677.htmlvendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.htmlvendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-1039.htmlvendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0701.htmlvendor-advisory, x_refsource_REDHAT
http://www.ubuntu.com/usn/USN-2972-1vendor-advisory, x_refsource_UBUNTU
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.htmlvendor-advisory, x_refsource_SUSE
http://www.securitytracker.com/id/1037331vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.htmlvendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0676.htmlvendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2016:1430vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20160420-0001/x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-0708.htmlvendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0723.htmlvendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0651.htmlvendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.htmlvendor-advisory, x_refsource_SUSE
https://kc.mcafee.com/corporate/index?page=content&id=SB10159x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2964-1vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.htmlvendor-advisory, x_refsource_SUSE
https://security.gentoo.org/glsa/201606-18vendor-advisory, x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2016-0716.htmlvendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1035596vdb-entry, x_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.htmlx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.htmlvendor-advisory, x_refsource_SUSE
http://www.ubuntu.com/usn/USN-2963-1vendor-advisory, x_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2016-0675.htmlvendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.htmlvendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0702.htmlvendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-0679.htmlvendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1216vendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2016/dsa-3558vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2016-0678.htmlvendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/86421vdb-entry, x_refsource_BID
http://rhn.redhat.com/errata/RHSA-2016-0650.htmlvendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rc3abf40b06c511d5693baf707d6444bf7745e6a1e343e6f530a12258%40%3Cuser.cassandra.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r5f48b16573a11fdf0b557cc3d1d71423ecde8ee771c29f32334fa948%40%3Cdev.cassandra.apache.org%3Emailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2020/08/31/1mailing-list, x_refsource_MLIST
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:56:14.120Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2016:1222",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html"
          },
          {
            "name": "RHSA-2016:0677",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
          },
          {
            "name": "SUSE-SU-2016:1299",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
          },
          {
            "name": "RHSA-2016:1039",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
          },
          {
            "name": "RHSA-2016:0701",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
          },
          {
            "name": "USN-2972-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2972-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "name": "SUSE-SU-2016:1303",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
          },
          {
            "name": "1037331",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037331"
          },
          {
            "name": "SUSE-SU-2016:1475",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
          },
          {
            "name": "openSUSE-SU-2016:1235",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html"
          },
          {
            "name": "openSUSE-SU-2016:1262",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html"
          },
          {
            "name": "SUSE-SU-2016:1300",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
          },
          {
            "name": "RHSA-2016:0676",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0676.html"
          },
          {
            "name": "RHSA-2016:1430",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1430"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
          },
          {
            "name": "RHSA-2016:0708",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
          },
          {
            "name": "RHSA-2016:0723",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0723.html"
          },
          {
            "name": "RHSA-2016:0651",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0651.html"
          },
          {
            "name": "SUSE-SU-2016:1378",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
          },
          {
            "name": "SUSE-SU-2016:1248",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html"
          },
          {
            "name": "SUSE-SU-2016:1379",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10159"
          },
          {
            "name": "USN-2964-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2964-1"
          },
          {
            "name": "openSUSE-SU-2016:1230",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html"
          },
          {
            "name": "SUSE-SU-2016:1458",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
          },
          {
            "name": "GLSA-201606-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201606-18"
          },
          {
            "name": "RHSA-2016:0716",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
          },
          {
            "name": "1035596",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035596"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "openSUSE-SU-2016:1265",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html"
          },
          {
            "name": "USN-2963-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2963-1"
          },
          {
            "name": "RHSA-2016:0675",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0675.html"
          },
          {
            "name": "SUSE-SU-2016:1250",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html"
          },
          {
            "name": "SUSE-SU-2016:1388",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
          },
          {
            "name": "RHSA-2016:0702",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
          },
          {
            "name": "RHSA-2016:0679",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
          },
          {
            "name": "RHSA-2017:1216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1216"
          },
          {
            "name": "DSA-3558",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3558"
          },
          {
            "name": "RHSA-2016:0678",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
          },
          {
            "name": "86421",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/86421"
          },
          {
            "name": "RHSA-2016:0650",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0650.html"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[cassandra-user] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc3abf40b06c511d5693baf707d6444bf7745e6a1e343e6f530a12258%40%3Cuser.cassandra.apache.org%3E"
          },
          {
            "name": "[cassandra-dev] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5f48b16573a11fdf0b557cc3d1d71423ecde8ee771c29f32334fa948%40%3Cdev.cassandra.apache.org%3E"
          },
          {
            "name": "[oss-security] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/08/31/1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2016-3427",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-08T15:06:35.308318Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-05-12",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-3427"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-284",
                "description": "CWE-284 Improper Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-08T15:07:05.221Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-01T02:06:09",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "openSUSE-SU-2016:1222",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html"
        },
        {
          "name": "RHSA-2016:0677",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
        },
        {
          "name": "SUSE-SU-2016:1299",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
        },
        {
          "name": "RHSA-2016:1039",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
        },
        {
          "name": "RHSA-2016:0701",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
        },
        {
          "name": "USN-2972-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2972-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
        },
        {
          "name": "SUSE-SU-2016:1303",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
        },
        {
          "name": "1037331",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037331"
        },
        {
          "name": "SUSE-SU-2016:1475",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
        },
        {
          "name": "openSUSE-SU-2016:1235",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html"
        },
        {
          "name": "openSUSE-SU-2016:1262",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html"
        },
        {
          "name": "SUSE-SU-2016:1300",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
        },
        {
          "name": "RHSA-2016:0676",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0676.html"
        },
        {
          "name": "RHSA-2016:1430",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1430"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
        },
        {
          "name": "RHSA-2016:0708",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
        },
        {
          "name": "RHSA-2016:0723",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0723.html"
        },
        {
          "name": "RHSA-2016:0651",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0651.html"
        },
        {
          "name": "SUSE-SU-2016:1378",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
        },
        {
          "name": "SUSE-SU-2016:1248",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html"
        },
        {
          "name": "SUSE-SU-2016:1379",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10159"
        },
        {
          "name": "USN-2964-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2964-1"
        },
        {
          "name": "openSUSE-SU-2016:1230",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html"
        },
        {
          "name": "SUSE-SU-2016:1458",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
        },
        {
          "name": "GLSA-201606-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201606-18"
        },
        {
          "name": "RHSA-2016:0716",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
        },
        {
          "name": "1035596",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035596"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "name": "openSUSE-SU-2016:1265",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html"
        },
        {
          "name": "USN-2963-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2963-1"
        },
        {
          "name": "RHSA-2016:0675",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0675.html"
        },
        {
          "name": "SUSE-SU-2016:1250",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html"
        },
        {
          "name": "SUSE-SU-2016:1388",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
        },
        {
          "name": "RHSA-2016:0702",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
        },
        {
          "name": "RHSA-2016:0679",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
        },
        {
          "name": "RHSA-2017:1216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1216"
        },
        {
          "name": "DSA-3558",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3558"
        },
        {
          "name": "RHSA-2016:0678",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
        },
        {
          "name": "86421",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/86421"
        },
        {
          "name": "RHSA-2016:0650",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0650.html"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[cassandra-user] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc3abf40b06c511d5693baf707d6444bf7745e6a1e343e6f530a12258%40%3Cuser.cassandra.apache.org%3E"
        },
        {
          "name": "[cassandra-dev] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5f48b16573a11fdf0b557cc3d1d71423ecde8ee771c29f32334fa948%40%3Cdev.cassandra.apache.org%3E"
        },
        {
          "name": "[oss-security] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/08/31/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2016-3427",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2016:1222",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html"
            },
            {
              "name": "RHSA-2016:0677",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
            },
            {
              "name": "SUSE-SU-2016:1299",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
            },
            {
              "name": "RHSA-2016:1039",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
            },
            {
              "name": "RHSA-2016:0701",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
            },
            {
              "name": "USN-2972-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2972-1"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "name": "SUSE-SU-2016:1303",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
            },
            {
              "name": "1037331",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037331"
            },
            {
              "name": "SUSE-SU-2016:1475",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
            },
            {
              "name": "openSUSE-SU-2016:1235",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html"
            },
            {
              "name": "openSUSE-SU-2016:1262",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html"
            },
            {
              "name": "SUSE-SU-2016:1300",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
            },
            {
              "name": "RHSA-2016:0676",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0676.html"
            },
            {
              "name": "RHSA-2016:1430",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1430"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20160420-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
            },
            {
              "name": "RHSA-2016:0708",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
            },
            {
              "name": "RHSA-2016:0723",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0723.html"
            },
            {
              "name": "RHSA-2016:0651",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0651.html"
            },
            {
              "name": "SUSE-SU-2016:1378",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
            },
            {
              "name": "SUSE-SU-2016:1248",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html"
            },
            {
              "name": "SUSE-SU-2016:1379",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10159",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10159"
            },
            {
              "name": "USN-2964-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2964-1"
            },
            {
              "name": "openSUSE-SU-2016:1230",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html"
            },
            {
              "name": "SUSE-SU-2016:1458",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
            },
            {
              "name": "GLSA-201606-18",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201606-18"
            },
            {
              "name": "RHSA-2016:0716",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
            },
            {
              "name": "1035596",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035596"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
            },
            {
              "name": "openSUSE-SU-2016:1265",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html"
            },
            {
              "name": "USN-2963-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2963-1"
            },
            {
              "name": "RHSA-2016:0675",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0675.html"
            },
            {
              "name": "SUSE-SU-2016:1250",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html"
            },
            {
              "name": "SUSE-SU-2016:1388",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
            },
            {
              "name": "RHSA-2016:0702",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
            },
            {
              "name": "RHSA-2016:0679",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
            },
            {
              "name": "RHSA-2017:1216",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1216"
            },
            {
              "name": "DSA-3558",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3558"
            },
            {
              "name": "RHSA-2016:0678",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
            },
            {
              "name": "86421",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/86421"
            },
            {
              "name": "RHSA-2016:0650",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0650.html"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[cassandra-user] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc3abf40b06c511d5693baf707d6444bf7745e6a1e343e6f530a12258@%3Cuser.cassandra.apache.org%3E"
            },
            {
              "name": "[cassandra-dev] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r5f48b16573a11fdf0b557cc3d1d71423ecde8ee771c29f32334fa948@%3Cdev.cassandra.apache.org%3E"
            },
            {
              "name": "[oss-security] 20200831 CVE-2016-3427 Apache Cassandra Unspecified vulnerability related to JMX",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/08/31/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2016-3427",
    "datePublished": "2016-04-21T10:00:00",
    "dateReserved": "2016-03-17T00:00:00",
    "dateUpdated": "2024-10-08T15:07:05.221Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-5300
Vulnerability from cvelistv5
Published
2017-07-21 14:00
Modified
2024-08-06 06:41
Severity ?
Summary
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
References
http://rhn.redhat.com/errata/RHSA-2015-1930.htmlvendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.htmlvendor-advisory, x_refsource_SUSE
http://seclists.org/bugtraq/2016/Feb/164mailing-list, x_refsource_MLIST
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.htmlvendor-advisory, x_refsource_SUSE
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlx_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2783-1vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.htmlvendor-advisory, x_refsource_SUSE
https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01x_refsource_MISC
https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlx_refsource_CONFIRM
http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securitx_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1271076x_refsource_CONFIRM
https://www-01.ibm.com/support/docview.wss?uid=swg21980676x_refsource_CONFIRM
https://support.citrix.com/article/CTX220112x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.htmlvendor-advisory, x_refsource_FEDORA
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.htmlvendor-advisory, x_refsource_FEDORA
http://www.debian.org/security/2015/dsa-3388vendor-advisory, x_refsource_DEBIAN
https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.htmlx_refsource_CONFIRM
http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.ascx_refsource_CONFIRM
https://www.cs.bu.edu/~goldbe/NTPattack.htmlx_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.htmlvendor-advisory, x_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.htmlvendor-advisory, x_refsource_FEDORA
http://www.securitytracker.com/id/1034670vdb-entry, x_refsource_SECTRACK
https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073x_refsource_CONFIRM
http://www.securityfocus.com/bid/77312vdb-entry, x_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.htmlvendor-advisory, x_refsource_SUSE
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.ascvendor-advisory, x_refsource_FREEBSD
https://www-01.ibm.com/support/docview.wss?uid=swg21979393x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.htmlvendor-advisory, x_refsource_SUSE
https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.htmlvendor-advisory, x_refsource_SUSE
https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885x_refsource_CONFIRM
https://bto.bluecoat.com/security-advisory/sa113x_refsource_CONFIRM
https://www-01.ibm.com/support/docview.wss?uid=swg21983501x_refsource_CONFIRM
https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821x_refsource_CONFIRM
http://support.ntp.org/bin/view/Main/NtpBug2956x_refsource_CONFIRM
https://www-01.ibm.com/support/docview.wss?uid=swg21983506x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.htmlvendor-advisory, x_refsource_SUSE
https://security.netapp.com/advisory/ntap-20171004-0001/x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:41:09.519Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2015:1930",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1930.html"
          },
          {
            "name": "SUSE-SU:2016:1912",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
          },
          {
            "name": "[slackware-security] 20160223 ntp (SSA:2016-054-04)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2016/Feb/164"
          },
          {
            "name": "openSUSE-SU:2016:1423",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "name": "USN-2783-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2783-1"
          },
          {
            "name": "SUSE-SU:2016:1177",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271076"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21980676"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX220112"
          },
          {
            "name": "FEDORA-2015-77bfbc1bcd",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428"
          },
          {
            "name": "FEDORA-2015-f5f5ec7b6b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html"
          },
          {
            "name": "DSA-3388",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3388"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
          },
          {
            "name": "SUSE-SU:2016:2094",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
          },
          {
            "name": "FEDORA-2016-34bc10a2c8",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
          },
          {
            "name": "1034670",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034670"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073"
          },
          {
            "name": "77312",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/77312"
          },
          {
            "name": "SUSE-SU:2016:1311",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
          },
          {
            "name": "FreeBSD-SA-16:02",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21979393"
          },
          {
            "name": "openSUSE-SU:2016:1292",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264"
          },
          {
            "name": "SUSE-SU:2016:1247",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa113"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983501"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/NtpBug2956"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983506"
          },
          {
            "name": "SUSE-SU:2016:1175",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-09T10:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2015:1930",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1930.html"
        },
        {
          "name": "SUSE-SU:2016:1912",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
        },
        {
          "name": "[slackware-security] 20160223 ntp (SSA:2016-054-04)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/bugtraq/2016/Feb/164"
        },
        {
          "name": "openSUSE-SU:2016:1423",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "name": "USN-2783-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2783-1"
        },
        {
          "name": "SUSE-SU:2016:1177",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271076"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21980676"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.citrix.com/article/CTX220112"
        },
        {
          "name": "FEDORA-2015-77bfbc1bcd",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428"
        },
        {
          "name": "FEDORA-2015-f5f5ec7b6b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html"
        },
        {
          "name": "DSA-3388",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3388"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
        },
        {
          "name": "SUSE-SU:2016:2094",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
        },
        {
          "name": "FEDORA-2016-34bc10a2c8",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
        },
        {
          "name": "1034670",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034670"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073"
        },
        {
          "name": "77312",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/77312"
        },
        {
          "name": "SUSE-SU:2016:1311",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
        },
        {
          "name": "FreeBSD-SA-16:02",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21979393"
        },
        {
          "name": "openSUSE-SU:2016:1292",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264"
        },
        {
          "name": "SUSE-SU:2016:1247",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa113"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983501"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/NtpBug2956"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983506"
        },
        {
          "name": "SUSE-SU:2016:1175",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-5300",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2015:1930",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1930.html"
            },
            {
              "name": "SUSE-SU:2016:1912",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "name": "[slackware-security] 20160223 ntp (SSA:2016-054-04)",
              "refsource": "MLIST",
              "url": "http://seclists.org/bugtraq/2016/Feb/164"
            },
            {
              "name": "openSUSE-SU:2016:1423",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
            },
            {
              "name": "USN-2783-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2783-1"
            },
            {
              "name": "SUSE-SU:2016:1177",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01"
            },
            {
              "name": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1271076",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271076"
            },
            {
              "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21980676",
              "refsource": "CONFIRM",
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21980676"
            },
            {
              "name": "https://support.citrix.com/article/CTX220112",
              "refsource": "CONFIRM",
              "url": "https://support.citrix.com/article/CTX220112"
            },
            {
              "name": "FEDORA-2015-77bfbc1bcd",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
            },
            {
              "name": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428"
            },
            {
              "name": "FEDORA-2015-f5f5ec7b6b",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html"
            },
            {
              "name": "DSA-3388",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3388"
            },
            {
              "name": "https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc",
              "refsource": "CONFIRM",
              "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc"
            },
            {
              "name": "https://www.cs.bu.edu/~goldbe/NTPattack.html",
              "refsource": "MISC",
              "url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
            },
            {
              "name": "SUSE-SU:2016:2094",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "name": "FEDORA-2016-34bc10a2c8",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
            },
            {
              "name": "1034670",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034670"
            },
            {
              "name": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073",
              "refsource": "CONFIRM",
              "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073"
            },
            {
              "name": "77312",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/77312"
            },
            {
              "name": "SUSE-SU:2016:1311",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
            },
            {
              "name": "FreeBSD-SA-16:02",
              "refsource": "FREEBSD",
              "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc"
            },
            {
              "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21979393",
              "refsource": "CONFIRM",
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21979393"
            },
            {
              "name": "openSUSE-SU:2016:1292",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
            },
            {
              "name": "https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264",
              "refsource": "CONFIRM",
              "url": "https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264"
            },
            {
              "name": "SUSE-SU:2016:1247",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
            },
            {
              "name": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885",
              "refsource": "CONFIRM",
              "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa113",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa113"
            },
            {
              "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21983501",
              "refsource": "CONFIRM",
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983501"
            },
            {
              "name": "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821",
              "refsource": "CONFIRM",
              "url": "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/NtpBug2956",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/NtpBug2956"
            },
            {
              "name": "https://www-01.ibm.com/support/docview.wss?uid=swg21983506",
              "refsource": "CONFIRM",
              "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983506"
            },
            {
              "name": "SUSE-SU:2016:1175",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171004-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-5300",
    "datePublished": "2017-07-21T14:00:00",
    "dateReserved": "2015-07-01T00:00:00",
    "dateUpdated": "2024-08-06T06:41:09.519Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-4953
Vulnerability from cvelistv5
Published
2016-07-05 01:00
Modified
2024-08-06 00:46
Severity ?
Summary
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.
References
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.htmlvendor-advisory, x_refsource_SUSE
http://www.securityfocus.com/bid/91010vdb-entry, x_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.htmlvendor-advisory, x_refsource_SUSE
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.ascvendor-advisory, x_refsource_FREEBSD
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.htmlvendor-advisory, x_refsource_SUSE
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03757en_usx_refsource_CONFIRM
http://support.ntp.org/bin/view/Main/NtpBug3045x_refsource_CONFIRM
http://www.securitytracker.com/id/1036037vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.htmlvendor-advisory, x_refsource_SUSE
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.htmlvendor-advisory, x_refsource_SUSE
http://www.kb.cert.org/vuls/id/321640third-party-advisory, x_refsource_CERT-VN
http://support.ntp.org/bin/view/Main/SecurityNoticex_refsource_CONFIRM
http://bugs.ntp.org/3045x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.htmlvendor-advisory, x_refsource_SUSE
https://security.gentoo.org/glsa/201607-15vendor-advisory, x_refsource_GENTOO
http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.htmlx_refsource_MISC
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpdvendor-advisory, x_refsource_CISCO
http://www.securityfocus.com/archive/1/540683/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.htmlx_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.htmlvendor-advisory, x_refsource_SUSE
http://www.securityfocus.com/archive/1/538599/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/538600/100/0/threadedmailing-list, x_refsource_BUGTRAQ
https://www.kb.cert.org/vuls/id/321640third-party-advisory, x_refsource_CERT-VN
http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threadedmailing-list, x_refsource_BUGTRAQ
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdfx_refsource_CONFIRM
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11x_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdfx_refsource_CONFIRM
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11x_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:46:39.916Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2016:1602",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
          },
          {
            "name": "91010",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91010"
          },
          {
            "name": "openSUSE-SU-2016:1583",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
          },
          {
            "name": "FreeBSD-SA-16:24",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
          },
          {
            "name": "SUSE-SU-2016:1912",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/NtpBug3045"
          },
          {
            "name": "1036037",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036037"
          },
          {
            "name": "SUSE-SU-2016:1584",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "SUSE-SU-2016:2094",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
          },
          {
            "name": "VU#321640",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/321640"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.ntp.org/3045"
          },
          {
            "name": "openSUSE-SU-2016:1636",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
          },
          {
            "name": "SUSE-SU-2016:1563",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
          },
          {
            "name": "GLSA-201607-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201607-15"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
          },
          {
            "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
          },
          {
            "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
          },
          {
            "name": "SUSE-SU-2016:1568",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
          },
          {
            "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
          },
          {
            "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
          },
          {
            "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
          },
          {
            "name": "VU#321640",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/321640"
          },
          {
            "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
          },
          {
            "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-16T12:08:56",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SU-2016:1602",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
        },
        {
          "name": "91010",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91010"
        },
        {
          "name": "openSUSE-SU-2016:1583",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
        },
        {
          "name": "FreeBSD-SA-16:24",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
        },
        {
          "name": "SUSE-SU-2016:1912",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/NtpBug3045"
        },
        {
          "name": "1036037",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036037"
        },
        {
          "name": "SUSE-SU-2016:1584",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "SUSE-SU-2016:2094",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
        },
        {
          "name": "VU#321640",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/321640"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.ntp.org/3045"
        },
        {
          "name": "openSUSE-SU-2016:1636",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
        },
        {
          "name": "SUSE-SU-2016:1563",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
        },
        {
          "name": "GLSA-201607-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201607-15"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
        },
        {
          "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
        },
        {
          "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
        },
        {
          "name": "SUSE-SU-2016:1568",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
        },
        {
          "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
        },
        {
          "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
        },
        {
          "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
        },
        {
          "name": "VU#321640",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/321640"
        },
        {
          "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
        },
        {
          "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-4953",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SU-2016:1602",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
            },
            {
              "name": "91010",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91010"
            },
            {
              "name": "openSUSE-SU-2016:1583",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
            },
            {
              "name": "FreeBSD-SA-16:24",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
            },
            {
              "name": "SUSE-SU-2016:1912",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/NtpBug3045",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/NtpBug3045"
            },
            {
              "name": "1036037",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036037"
            },
            {
              "name": "SUSE-SU-2016:1584",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "name": "SUSE-SU-2016:2094",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "name": "VU#321640",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/321640"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
            },
            {
              "name": "http://bugs.ntp.org/3045",
              "refsource": "CONFIRM",
              "url": "http://bugs.ntp.org/3045"
            },
            {
              "name": "openSUSE-SU-2016:1636",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
            },
            {
              "name": "SUSE-SU-2016:1563",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
            },
            {
              "name": "GLSA-201607-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201607-15"
            },
            {
              "name": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
            },
            {
              "name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
            },
            {
              "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
            },
            {
              "name": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
            },
            {
              "name": "SUSE-SU-2016:1568",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
            },
            {
              "name": "VU#321640",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/321640"
            },
            {
              "name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
            },
            {
              "name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
              "refsource": "CONFIRM",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-4953",
    "datePublished": "2016-07-05T01:00:00",
    "dateReserved": "2016-05-23T00:00:00",
    "dateUpdated": "2024-08-06T00:46:39.916Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-7976
Vulnerability from cvelistv5
Published
2017-01-30 21:00
Modified
2024-08-06 08:06
Severity ?
Summary
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpdvendor-advisory, x_refsource_CISCO
http://www.ubuntu.com/usn/USN-3096-1vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.htmlvendor-advisory, x_refsource_SUSE
http://www.securitytracker.com/id/1034782vdb-entry, x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.htmlvendor-advisory, x_refsource_SUSE
https://www.kb.cert.org/vuls/id/718152third-party-advisory, x_refsource_CERT-VN
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.htmlvendor-advisory, x_refsource_SUSE
http://support.ntp.org/bin/view/Main/NtpBug2938x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20171031-0001/x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.htmlvendor-advisory, x_refsource_SUSE
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.ascvendor-advisory, x_refsource_FREEBSD
https://bto.bluecoat.com/security-advisory/sa113x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.htmlvendor-advisory, x_refsource_SUSE
https://security.gentoo.org/glsa/201607-15vendor-advisory, x_refsource_GENTOO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:06:31.303Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
          },
          {
            "name": "USN-3096-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3096-1"
          },
          {
            "name": "SUSE-SU-2016:1177",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
          },
          {
            "name": "SUSE-SU-2016:1912",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
          },
          {
            "name": "1034782",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034782"
          },
          {
            "name": "openSUSE-SU-2016:1292",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
          },
          {
            "name": "VU#718152",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/718152"
          },
          {
            "name": "SUSE-SU-2016:1247",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/NtpBug2938"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
          },
          {
            "name": "SUSE-SU-2016:1311",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
          },
          {
            "name": "SUSE-SU-2016:2094",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
          },
          {
            "name": "SUSE-SU-2016:1175",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
          },
          {
            "name": "FreeBSD-SA-16:09",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa113"
          },
          {
            "name": "openSUSE-SU-2016:1423",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
          },
          {
            "name": "GLSA-201607-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201607-15"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-20T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
        },
        {
          "name": "USN-3096-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3096-1"
        },
        {
          "name": "SUSE-SU-2016:1177",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
        },
        {
          "name": "SUSE-SU-2016:1912",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
        },
        {
          "name": "1034782",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034782"
        },
        {
          "name": "openSUSE-SU-2016:1292",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
        },
        {
          "name": "VU#718152",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/718152"
        },
        {
          "name": "SUSE-SU-2016:1247",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ntp.org/bin/view/Main/NtpBug2938"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
        },
        {
          "name": "SUSE-SU-2016:1311",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
        },
        {
          "name": "SUSE-SU-2016:2094",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
        },
        {
          "name": "SUSE-SU-2016:1175",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
        },
        {
          "name": "FreeBSD-SA-16:09",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa113"
        },
        {
          "name": "openSUSE-SU-2016:1423",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
        },
        {
          "name": "GLSA-201607-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201607-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-7976",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
            },
            {
              "name": "USN-3096-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3096-1"
            },
            {
              "name": "SUSE-SU-2016:1177",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
            },
            {
              "name": "SUSE-SU-2016:1912",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "name": "1034782",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034782"
            },
            {
              "name": "openSUSE-SU-2016:1292",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
            },
            {
              "name": "VU#718152",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/718152"
            },
            {
              "name": "SUSE-SU-2016:1247",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/NtpBug2938",
              "refsource": "CONFIRM",
              "url": "http://support.ntp.org/bin/view/Main/NtpBug2938"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171031-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
            },
            {
              "name": "SUSE-SU-2016:1311",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
            },
            {
              "name": "SUSE-SU-2016:2094",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "name": "SUSE-SU-2016:1175",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
            },
            {
              "name": "FreeBSD-SA-16:09",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa113",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa113"
            },
            {
              "name": "openSUSE-SU-2016:1423",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
            },
            {
              "name": "GLSA-201607-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201607-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-7976",
    "datePublished": "2017-01-30T21:00:00",
    "dateReserved": "2015-10-23T00:00:00",
    "dateUpdated": "2024-08-06T08:06:31.303Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2016-07-05 01:59
Modified
2024-11-21 02:53
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.
References
cve@mitre.orghttp://bugs.ntp.org/3043Issue Tracking, Vendor Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
cve@mitre.orghttp://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html
cve@mitre.orghttp://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html
cve@mitre.orghttp://support.ntp.org/bin/view/Main/NtpBug3043Patch, Vendor Advisory
cve@mitre.orghttp://support.ntp.org/bin/view/Main/SecurityNoticeRelease Notes, Vendor Advisory
cve@mitre.orghttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd
cve@mitre.orghttp://www.kb.cert.org/vuls/id/321640Third Party Advisory, US Government Resource
cve@mitre.orghttp://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
cve@mitre.orghttp://www.securityfocus.com/archive/1/538599/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/538600/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/91007Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.securitytracker.com/id/1036037Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.ubuntu.com/usn/USN-3096-1
cve@mitre.orghttps://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdfThird Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/
cve@mitre.orghttps://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.ascThird Party Advisory
cve@mitre.orghttps://security.gentoo.org/glsa/201607-15Third Party Advisory
cve@mitre.orghttps://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
cve@mitre.orghttps://www.kb.cert.org/vuls/id/321640
af854a3a-2127-422b-91ae-364da2661108http://bugs.ntp.org/3043Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html
af854a3a-2127-422b-91ae-364da2661108http://support.ntp.org/bin/view/Main/NtpBug3043Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.ntp.org/bin/view/Main/SecurityNoticeRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/321640Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/538599/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/538600/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/91007Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1036037Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-3096-1
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/
af854a3a-2127-422b-91ae-364da2661108https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.ascThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201607-15Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
af854a3a-2127-422b-91ae-364da2661108https://www.kb.cert.org/vuls/id/321640
Impacted products
Vendor Product Version
ntp ntp *
ntp ntp *
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
oracle solaris 10
oracle solaris 11.3
suse manager_proxy 2.1
suse openstack_cloud 5
novell suse_manager 2.1
opensuse leap 42.1
opensuse opensuse 13.2
suse linux_enterprise_desktop 12
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 12
siemens simatic_net_cp_443-1_opc_ua_firmware *
siemens simatic_net_cp_443-1_opc_ua -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C240BAAB-8C12-4501-9DC6-FB877304E908",
              "versionEndExcluding": "4.2.8",
              "versionStartIncluding": "4.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "863751A2-A97F-47CD-8D57-6D60E6F3593D",
              "versionEndExcluding": "4.3.93",
              "versionStartIncluding": "4.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
              "matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
              "matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
              "matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
              "matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
              "matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
              "matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
              "matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
              "matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
              "matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*",
              "matchCriteriaId": "75A9AA28-1B20-44BB-815C-7294A53E910E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
              "matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
              "matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "964B57CD-CB8A-4520-B358-1C93EC5EF2DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CBED083-B935-4C47-BBDA-F39D8EA277ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:openstack_cloud:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD6136E8-74DE-48AF-A8AB-B0E93D34870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:novell:suse_manager:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "514646C5-C5D4-487E-8950-B3A2B1DE8EEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
              "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
              "matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_net_cp_443-1_opc_ua_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "22EFD09A-3D77-47B0-93FB-50F6C13A2F9A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_net_cp_443-1_opc_ua:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F488810-73E3-4475-975A-C2FCA037E78B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time."
    },
    {
      "lang": "es",
      "value": "ntpd en NTP 4.x en versiones anteriores a 4.2.8p8, cuando est\u00e1 habilitada la autoclave, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (limpiando el par variable y corte de asociaci\u00f3n) enviando (1) un paquete crypto-NAK manipulado o (2) un paquete con un valor MAC incorrecto en un momento determinado."
    }
  ],
  "id": "CVE-2016-4955",
  "lastModified": "2024-11-21T02:53:17.593",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-07-05T01:59:02.267",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://bugs.ntp.org/3043"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/NtpBug3043"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/321640"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/91007"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036037"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-3096-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201607-15"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.kb.cert.org/vuls/id/321640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://bugs.ntp.org/3043"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/NtpBug3043"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/321640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/91007"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-3096-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201607-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.kb.cert.org/vuls/id/321640"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-03-09 23:59
Modified
2024-11-21 02:46
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
Summary
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.
References
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.htmlMailing List
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.htmlMailing List
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.htmlMailing List
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.htmlMailing List
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.htmlMailing List
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.htmlMailing List
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.htmlMailing List
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.htmlMailing List
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.htmlMailing List
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.htmlMailing List
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.htmlMailing List
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.htmlMailing List
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.htmlMailing List
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://marc.info/?l=bugtraq&m=146191105921542&w=2Issue Tracking, Third Party Advisory
cve@mitre.orghttp://marc.info/?l=bugtraq&m=146191105921542&w=2Issue Tracking, Third Party Advisory
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2016-0562.htmlThird Party Advisory
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2016-0601.htmlThird Party Advisory
cve@mitre.orghttp://www.debian.org/security/2016/dsa-3511Third Party Advisory
cve@mitre.orghttp://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.htmlThird Party Advisory
cve@mitre.orghttp://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlThird Party Advisory
cve@mitre.orghttp://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlThird Party Advisory
cve@mitre.orghttp://www.securitytracker.com/id/1035236Broken Link, Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.ubuntu.com/usn/USN-2925-1Third Party Advisory
cve@mitre.orghttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821Third Party Advisory
cve@mitre.orghttps://kb.isc.org/article/AA-01352Vendor Advisory
cve@mitre.orghttps://kb.isc.org/article/AA-01380Broken Link, Release Notes
cve@mitre.orghttps://kb.isc.org/article/AA-01438Broken Link
cve@mitre.orghttps://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.ascThird Party Advisory
cve@mitre.orghttps://security.gentoo.org/glsa/201610-07Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=146191105921542&w=2Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=146191105921542&w=2Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-0562.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-0601.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2016/dsa-3511Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1035236Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2925-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://kb.isc.org/article/AA-01352Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://kb.isc.org/article/AA-01380Broken Link, Release Notes
af854a3a-2127-422b-91ae-364da2661108https://kb.isc.org/article/AA-01438Broken Link
af854a3a-2127-422b-91ae-364da2661108https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.ascThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201610-07Third Party Advisory
Impacted products
Vendor Product Version
isc bind *
isc bind *
isc bind 9.9.8
isc bind 9.9.8
isc bind 9.9.8
isc bind 9.9.8
isc bind 9.10.3
isc bind 9.10.3
isc bind 9.10.3
isc bind 9.10.3
isc bind 9.10.3
isc bind 9.10.3
suse linux_enterprise_debuginfo 11
suse linux_enterprise_debuginfo 11
suse linux_enterprise_debuginfo 11
suse manager 2.1
suse manager_proxy 2.1
suse openstack_cloud 5
opensuse leap 42.1
opensuse opensuse 11.4
opensuse opensuse 13.1
opensuse opensuse 13.2
suse linux_enterprise_desktop 11
suse linux_enterprise_desktop 12
suse linux_enterprise_desktop 12
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 12
suse linux_enterprise_server 12
suse linux_enterprise_software_development_kit 11
suse linux_enterprise_software_development_kit 12
suse linux_enterprise_software_development_kit 12
fedoraproject fedora 22
fedoraproject fedora 23
fedoraproject fedora 24
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 15.10
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46-d10
juniper junos 12.1x46-d76
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.2
juniper junos 18.2
juniper junos 18.2
juniper junos 18.2
juniper junos 18.2
juniper junos 18.2
juniper junos 18.2
juniper junos 18.2
juniper junos 18.2
juniper junos 18.2
juniper junos 18.2
juniper junos 18.2
juniper junos 18.2
juniper junos 18.2
juniper junos 18.2
juniper junos 18.3
juniper junos 18.3
juniper junos 18.3
juniper junos 18.3
juniper junos 18.3
juniper junos 18.3
juniper junos 18.3
juniper junos 18.3
juniper junos 18.4
juniper junos 18.4
juniper junos 18.4
juniper junos 18.4
juniper junos 18.4
juniper junos 18.4
juniper junos 18.4
juniper vsrx -
juniper srx100 -
juniper srx110 -
juniper srx1400 -
juniper srx1500 -
juniper srx1600 -
juniper srx210 -
juniper srx220 -
juniper srx2300 -
juniper srx240 -
juniper srx240h2 -
juniper srx240m -
juniper srx300 -
juniper srx320 -
juniper srx340 -
juniper srx3400 -
juniper srx345 -
juniper srx3600 -
juniper srx380 -
juniper srx4000 -
juniper srx4100 -
juniper srx4200 -
juniper srx4300 -
juniper srx4600 -
juniper srx4700 -
juniper srx5000 -
juniper srx5400 -
juniper srx550 -
juniper srx550_hm -
juniper srx550m -
juniper srx5600 -
juniper srx5800 -
juniper srx650 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A842D7E6-54A8-44C8-A241-1CE8B7B8BDAE",
              "versionEndExcluding": "9.9.8",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4B076C1-84ED-4924-B65A-994A23B78345",
              "versionEndExcluding": "9.10.3",
              "versionStartIncluding": "9.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "B41581B6-E576-4273-A2B8-CDB1AD1497B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.8:p2:*:*:*:*:*:*",
              "matchCriteriaId": "B02B1665-1283-4B0B-9AD2-827C8BEFCF3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.8:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A7CE97C3-AE65-407B-B209-9809923732AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.8:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "86C0C8FC-6004-4DFF-919C-068DEC26FA6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "D4C46844-7B97-4EBA-9B9D-715498B5FEEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.3:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "BF170094-2C93-4630-A827-C2335D75425B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "88359A5D-CE32-4920-BE5D-98EC262B41EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "B77760E4-57C5-4A5E-A169-C84409930757",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.3:p3:*:*:*:*:*:*",
              "matchCriteriaId": "24E9CBCA-241C-4EF6-8C0C-FA32E81B8B7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "893ACAAC-406E-4A1C-970B-A15B42961271",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D5900A25-FDD7-4900-BF7C-F3ECCB714D2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "58D3B6FD-B474-4B09-B644-A8634A629280",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F892F1B0-514C-42F7-90AE-12ACDFDC1033",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD4EEF7C-CC33-4494-8531-7C0CC28A8823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CBED083-B935-4C47-BBDA-F39D8EA277ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:openstack_cloud:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD6136E8-74DE-48AF-A8AB-B0E93D34870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "17D4B6F2-514D-4BC2-B2C5-4E2FCCAC594C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
              "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
              "matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "D41A798E-0D69-43C7-9A63-1E5921138EAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "1831D45A-EE6E-4220-8F8C-248B69520948",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "5A633996-2FD7-467C-BAA6-529E16BD06D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
              "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
              "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*",
              "matchCriteriaId": "C729D5D1-ED95-443A-9F53-5D7C2FD9B80C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:-:*:*:*:*:*:*",
              "matchCriteriaId": "92F31F7F-02E0-4E63-A600-DF8AB4E3BAA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:*",
              "matchCriteriaId": "A71742CF-50B1-44BB-AB7B-27E5DCC9CF70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:*",
              "matchCriteriaId": "4FD4237A-C257-4D8A-ABC4-9B2160530A4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d20:*:*:*:*:*:*",
              "matchCriteriaId": "5A449C87-C5C3-48FE-9E46-64ED5DD5F193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d25:*:*:*:*:*:*",
              "matchCriteriaId": "F4B6215F-76BF-473F-B325-0975B0EB101E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d30:*:*:*:*:*:*",
              "matchCriteriaId": "A1C4A10C-49A3-4103-9E56-F881113BC5D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d35:*:*:*:*:*:*",
              "matchCriteriaId": "50E7FD07-A309-48EC-A520-C7F0FA35865C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d40:*:*:*:*:*:*",
              "matchCriteriaId": "F868948A-04D7-473B-971F-721302653633",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d45:*:*:*:*:*:*",
              "matchCriteriaId": "830A9EBA-88F1-4277-B98F-75AC52A60824",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d50:*:*:*:*:*:*",
              "matchCriteriaId": "BFA2ADAB-E486-4DBB-8B84-CC095D102278",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d55:*:*:*:*:*:*",
              "matchCriteriaId": "9ACD0C03-ACD9-4D47-B3EE-1D8753FF5A83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d60:*:*:*:*:*:*",
              "matchCriteriaId": "0DD32D8A-7531-4691-B45D-9EACC69A23D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d65:*:*:*:*:*:*",
              "matchCriteriaId": "76DFA52F-5B2E-47DA-9A8E-7D17A7413929",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d66:*:*:*:*:*:*",
              "matchCriteriaId": "4D363E73-ABC4-4E9F-9E7B-86087D3A3F9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d67:*:*:*:*:*:*",
              "matchCriteriaId": "A7502F95-BADC-432A-B7BE-8E9931FA1448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d70:*:*:*:*:*:*",
              "matchCriteriaId": "9451CD3F-BF4E-4BBC-AD00-660BE2B313C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d71:*:*:*:*:*:*",
              "matchCriteriaId": "C63E8B17-250D-4D74-9A1F-2F3577D9A071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d72:*:*:*:*:*:*",
              "matchCriteriaId": "801AB7D7-3407-4F8B-83C4-CC16076DB0E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d73:*:*:*:*:*:*",
              "matchCriteriaId": "FA4104D4-3FA2-4936-ACBD-06B0BD0B9E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d76:*:*:*:*:*:*",
              "matchCriteriaId": "090BB276-C169-4A41-B03D-0EC40D20E8BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d77:*:*:*:*:*:*",
              "matchCriteriaId": "51732A2B-52E2-4356-8409-5CB6D79F23DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46-d10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6390879-1AB9-4B11-A8A8-6B914F52EB83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46-d76:-:*:*:*:*:*:*",
              "matchCriteriaId": "D6A2BAF7-8D71-474C-9F72-FF5DABC69749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:-:*:*:*:*:*:*",
              "matchCriteriaId": "AC1FED64-8725-4978-9EBF-E3CD8EF338E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d10:*:*:*:*:*:*",
              "matchCriteriaId": "4B7066A4-CD05-4E1A-89E8-71B4CB92CFF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d15:*:*:*:*:*:*",
              "matchCriteriaId": "A4AC2E1E-74FB-4DA3-8292-B2079F83FF54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d20:*:*:*:*:*:*",
              "matchCriteriaId": "5FF83BD0-3B28-481E-8C8F-09ECDA493DA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d25:*:*:*:*:*:*",
              "matchCriteriaId": "6E296274-AFC1-4F56-A4B3-827C2E0BC9D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d30:*:*:*:*:*:*",
              "matchCriteriaId": "3C82799B-BD25-4359-9E3D-4D7CA7367525",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d35:*:*:*:*:*:*",
              "matchCriteriaId": "094485FF-960C-4533-A2AF-6C4D420D260D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d40:*:*:*:*:*:*",
              "matchCriteriaId": "F8BE3661-1DE5-4F57-9384-68C1B34F6812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d45:*:*:*:*:*:*",
              "matchCriteriaId": "B45E8A14-E7F4-41EB-9BFA-7A19E35D11FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d50:*:*:*:*:*:*",
              "matchCriteriaId": "C6C694C6-C58C-4513-91E8-6CC22A2386E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d51:*:*:*:*:*:*",
              "matchCriteriaId": "64A0CCD4-91BA-440E-A14C-48E67D1F03A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d55:*:*:*:*:*:*",
              "matchCriteriaId": "6B65EF51-ED97-4973-94C4-8F66C553F190",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d60:*:*:*:*:*:*",
              "matchCriteriaId": "9EE7C08A-2A4B-4A84-AD95-A890913E2EE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d65:*:*:*:*:*:*",
              "matchCriteriaId": "44C61900-680C-4C74-8B96-ACC93FE9465E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d66:*:*:*:*:*:*",
              "matchCriteriaId": "6A793CCD-397E-45DA-9349-D01C69AB96D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d70:*:*:*:*:*:*",
              "matchCriteriaId": "B6C38637-ABE0-419A-A053-CBE076766551",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d75:*:*:*:*:*:*",
              "matchCriteriaId": "1F87EF0D-E609-4D4A-B228-CEF05C753E68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d10:*:*:*:*:*:*",
              "matchCriteriaId": "D90D8985-34EF-44CC-A9A7-CB0FD22676F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d100:*:*:*:*:*:*",
              "matchCriteriaId": "856A5668-FA4F-44E9-A3F0-BE4979F631E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d110:*:*:*:*:*:*",
              "matchCriteriaId": "F3B2DA4D-5E5D-4E09-BE4D-5B3371703D8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d120:*:*:*:*:*:*",
              "matchCriteriaId": "FA2459ED-DFA5-4701-AF92-C2928C3BD64D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d130:*:*:*:*:*:*",
              "matchCriteriaId": "8830C4BC-2B3D-4CCF-A37E-79C2D46159BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d131:*:*:*:*:*:*",
              "matchCriteriaId": "40D42ACF-860C-4B47-8E25-7DEC30FB8064",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d140:*:*:*:*:*:*",
              "matchCriteriaId": "C808E08F-1992-43DD-A106-E920DC784831",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d15:*:*:*:*:*:*",
              "matchCriteriaId": "C8C94365-988C-4A14-8E49-846152FDC666",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d150:*:*:*:*:*:*",
              "matchCriteriaId": "E288F54B-AEA3-412F-85A4-EBDFE74DB84F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d160:*:*:*:*:*:*",
              "matchCriteriaId": "02AAC05C-1C4B-4F35-A286-52D20DFD6212",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d170:*:*:*:*:*:*",
              "matchCriteriaId": "080422D3-B508-4049-B558-4B04BF2E8AB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d180:*:*:*:*:*:*",
              "matchCriteriaId": "2FAFD8F8-CBD2-45CA-BD3C-875C8FA1D778",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d20:*:*:*:*:*:*",
              "matchCriteriaId": "18468579-0195-4DDE-BAA5-4BE4068F3A69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d25:*:*:*:*:*:*",
              "matchCriteriaId": "6825F6BA-B48F-4E02-938F-6B297E21BA07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d30:*:*:*:*:*:*",
              "matchCriteriaId": "0E5FAA97-171F-4DB9-B78E-6E1A5F34336A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d35:*:*:*:*:*:*",
              "matchCriteriaId": "870244F3-1C05-4F10-A205-5189BB860F46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d40:*:*:*:*:*:*",
              "matchCriteriaId": "235EE40B-AA15-4F39-8087-A051F4F70995",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d45:*:*:*:*:*:*",
              "matchCriteriaId": "17330544-3AFC-463E-A146-2840A8AE17D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d50:*:*:*:*:*:*",
              "matchCriteriaId": "8ABA301F-7866-42A5-8391-E07BEAFF06FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d55:*:*:*:*:*:*",
              "matchCriteriaId": "884E4A85-ED42-4391-9FDD-9052F957743A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d60:*:*:*:*:*:*",
              "matchCriteriaId": "1901864B-688B-4352-A587-4B96B4E49FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d65:*:*:*:*:*:*",
              "matchCriteriaId": "78F53FBF-C6D8-4AE5-87EC-9D9F88DCEFB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d70:*:*:*:*:*:*",
              "matchCriteriaId": "1B6670FB-9F5A-469B-97F2-074C28572065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d75:*:*:*:*:*:*",
              "matchCriteriaId": "71198992-83AA-4E28-BA7D-A3C1897B5E2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d80:*:*:*:*:*:*",
              "matchCriteriaId": "4323D874-C317-4D76-8E2D-C82376D84CBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d90:*:*:*:*:*:*",
              "matchCriteriaId": "F56067DA-EBA9-481A-B60B-52148584EFBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "A283D32F-1CAF-4A5A-83E1-585F2801771F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r1:*:*:*:*:*:*",
              "matchCriteriaId": "38A40E03-F915-4888-87B0-5950F75F097D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "C52E355B-DA7D-4FDE-B2D7-A3C3C9C99918",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r1-s4:*:*:*:*:*:*",
              "matchCriteriaId": "267A3603-BC18-442E-803A-4CAEB6493433",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r2:*:*:*:*:*:*",
              "matchCriteriaId": "69FC46D4-39E2-4E2F-A1D3-1001769A7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "32F83E8B-A816-4F26-95F8-F0DA7F3DF426",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "2C433359-BC8B-4E69-BE74-A31EB148083A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s3:*:*:*:*:*:*",
              "matchCriteriaId": "BCA2976C-C84B-40D9-A806-588629BFFB13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s4:*:*:*:*:*:*",
              "matchCriteriaId": "A2C7B980-033E-40AC-98C9-B252733B0F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s5:*:*:*:*:*:*",
              "matchCriteriaId": "BA8D32E4-1892-46DC-9782-5466A14E18D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r3:*:*:*:*:*:*",
              "matchCriteriaId": "25C7C3D0-A203-4979-8375-A610ADD48E9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r3:-:*:*:*:*:*",
              "matchCriteriaId": "D1CAEBD2-2E46-44B5-B1D1-1DDBD450FD27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s1:*:*:*:*:*:*",
              "matchCriteriaId": "565AE6D8-28A9-4A62-A886-5BAB954695D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s2:*:*:*:*:*:*",
              "matchCriteriaId": "0C366F93-BB30-4144-99AE-40B676977834",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s3:*:*:*:*:*:*",
              "matchCriteriaId": "488BB10A-1360-42E5-A68D-23D51B332850",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s4:*:*:*:*:*:*",
              "matchCriteriaId": "64988F0A-E02C-455B-99C9-4059C896416F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s5:*:*:*:*:*:*",
              "matchCriteriaId": "DC2ACA85-FA89-40F0-A2AD-778E1CB02A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s6:*:*:*:*:*:*",
              "matchCriteriaId": "9F431D3D-5D55-45A9-98E8-00CB1D4C0196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "A00CA6FB-8F28-4171-B510-8DBA351E80C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r1:*:*:*:*:*:*",
              "matchCriteriaId": "988D317A-0646-491F-9B97-853E8E208276",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "605F1AD7-5B09-44F0-9017-15AB3EEE559C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "CEDDCD30-2255-4FA9-B3E2-9E88AB6F8D80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s3:*:*:*:*:*:*",
              "matchCriteriaId": "DF3F9F86-166F-45E4-92B7-3DD3B06199F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s4:*:*:*:*:*:*",
              "matchCriteriaId": "4E4EB6B0-8DB2-4199-96E4-30195D49F756",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s5:*:*:*:*:*:*",
              "matchCriteriaId": "204FC7B5-9CF2-4AC2-9B8D-DA48CAEA6496",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s6:*:*:*:*:*:*",
              "matchCriteriaId": "9D8A8E33-473A-4A40-A7B7-47086BB9012A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s7:*:*:*:*:*:*",
              "matchCriteriaId": "F0F65DCA-34B9-4CE8-91C9-426AAAEB4097",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r2:*:*:*:*:*:*",
              "matchCriteriaId": "0E0CE79A-157D-47DE-BE65-936BC12470EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "05060C06-18C1-40E8-AE01-385B036CC9AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s10:*:*:*:*:*:*",
              "matchCriteriaId": "341417EE-71C2-465C-96CA-65B2B5B63FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s11:*:*:*:*:*:*",
              "matchCriteriaId": "A701A73D-A795-47DD-8EB5-55D1CDF67A49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s12:*:*:*:*:*:*",
              "matchCriteriaId": "CC1EE8D6-8963-49D8-84C7-C9406B04D9EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s13:*:*:*:*:*:*",
              "matchCriteriaId": "03BCD35E-29D3-4F8C-ABE9-32C7010FD796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "0C752783-4843-407B-AF33-0E1D36FCAAF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s3:*:*:*:*:*:*",
              "matchCriteriaId": "006EE425-A146-4E10-B050-7E754BB8402A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s4:*:*:*:*:*:*",
              "matchCriteriaId": "2B482BCC-1F0C-47AA-B63B-1B39CEF7B2C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s5:*:*:*:*:*:*",
              "matchCriteriaId": "A636F9F2-2DA7-4A27-AD80-FD1B34DFCA94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s6:*:*:*:*:*:*",
              "matchCriteriaId": "4EC7D216-D8F3-4ABD-97C9-4C9FB6DF64FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s7:*:*:*:*:*:*",
              "matchCriteriaId": "5E327643-D8D8-4EFA-9F38-BA862A919501",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s8:*:*:*:*:*:*",
              "matchCriteriaId": "1BC6CE1C-9DD8-429E-BDC2-251D8C8674E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s9:*:*:*:*:*:*",
              "matchCriteriaId": "63B00B4F-3E65-4CB2-807D-43908B570AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "0DFDD907-5305-4602-8A9C-685AA112C342",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "B0A756E2-C320-405A-B24F-7C5022649E5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "2EF6F4C1-6A7E-474F-89BC-7A3C50FD8CAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "84F5BCBA-404B-4BC9-B363-CE6D231B0D6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "18A4CA3E-DA61-49CC-8476-3A476CCB2B83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r2-s4:*:*:*:*:*:*",
              "matchCriteriaId": "A7380B3E-09F5-4497-86C6-11EF56BD89F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "658841A9-BEC9-433E-81D0-47DE82887C4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s1:*:*:*:*:*:*",
              "matchCriteriaId": "5AD05209-1274-4F8A-9FA2-A1A8DFCC5755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s13:*:*:*:*:*:*",
              "matchCriteriaId": "F144834D-7FC0-4B60-AFCB-AD86BA121719",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s2:*:*:*:*:*:*",
              "matchCriteriaId": "C97683B3-A07B-428F-9535-C49B55305679",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s3:*:*:*:*:*:*",
              "matchCriteriaId": "A14CE132-C56B-43D8-A248-AB6A2D1A7B6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s4:*:*:*:*:*:*",
              "matchCriteriaId": "73978DD8-BD92-4872-8F35-AF2B9BCA1ECB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s5:*:*:*:*:*:*",
              "matchCriteriaId": "678F57D1-2595-4AF3-BB87-AF2E1FE3CBB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s6:*:*:*:*:*:*",
              "matchCriteriaId": "7988CE92-71D2-4EEC-B596-4A60E2C1136A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s7:*:*:*:*:*:*",
              "matchCriteriaId": "330D176F-8DAD-440C-A623-44FA233FAB01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s8:*:*:*:*:*:*",
              "matchCriteriaId": "8CC5EAB8-1364-4325-9F01-BE7CC479C29D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "A8B5BD93-3C11-45D5-ACF0-7C4C01106C8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r1:*:*:*:*:*:*",
              "matchCriteriaId": "167EEC4F-729E-47C2-B0F8-E8108CE3E985",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "0070B31B-59DC-46E9-93E0-1E8BF3560BFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s3:*:*:*:*:*:*",
              "matchCriteriaId": "A893CCE5-96B8-44A1-ABEF-6AB9B527B2FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s4:*:*:*:*:*:*",
              "matchCriteriaId": "42203801-E2E7-4DCF-ABBB-D23A91B2A9FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s5:*:*:*:*:*:*",
              "matchCriteriaId": "238EC996-8E8C-4332-916F-09E54E6EBB9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r2:*:*:*:*:*:*",
              "matchCriteriaId": "5F711936-33A1-47FC-A6A0-A63088915815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "21B7820C-01D2-401C-9E6D-C83994FD5961",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "3D2FBD29-2CAC-41B4-9336-671373EF4A7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r2-s3:*:*:*:*:*:*",
              "matchCriteriaId": "EEFCDA90-67E2-4AEF-800C-1D29A9121B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r2-s4:*:*:*:*:*:*",
              "matchCriteriaId": "74B99981-840F-4DAD-976A-5DAEFE9FB93D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r2-s5:*:*:*:*:*:*",
              "matchCriteriaId": "BDD3ADB9-35FF-41D3-92BD-98D6D4826B03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r2-s6:*:*:*:*:*:*",
              "matchCriteriaId": "341F2459-8335-40E9-A2B3-BE804D319F95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r2-s7:*:*:*:*:*:*",
              "matchCriteriaId": "0CD17956-8E8C-489D-927A-5709C05EA705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r2-s8:*:*:*:*:*:*",
              "matchCriteriaId": "27D9AEBC-2CA3-4E17-9543-D60B10BA2AE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "1BB9C2BB-D20B-41E9-B75F-7FAD9ECCDB99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.3:r1:*:*:*:*:*:*",
              "matchCriteriaId": "5342C3DC-D640-47AB-BD76-3444852988A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "8AB8585E-EDC6-4400-BEE3-3A6A7C922C90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "A2ABC574-B3FC-4025-B50D-7F9EEB28C806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s3:*:*:*:*:*:*",
              "matchCriteriaId": "6F6EAFC3-C3AC-4361-8530-39FCF89702F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s4:*:*:*:*:*:*",
              "matchCriteriaId": "92FB1BF6-8852-45D8-817C-36CDBE730801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s5:*:*:*:*:*:*",
              "matchCriteriaId": "6B363298-315C-4FD5-9417-C5B82883A224",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s6:*:*:*:*:*:*",
              "matchCriteriaId": "EB08FF7B-01F5-4A19-858E-E2CD19D61A62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "74CA9010-D3DE-487B-B46F-589A48AB0F0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.4:r1:*:*:*:*:*:*",
              "matchCriteriaId": "A38F224C-8E9B-44F3-9D4F-6C9F04F57927",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "853F146A-9A0F-49B6-AFD2-9907434212F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "8F73B88B-E66C-4ACD-B38D-9365FB230ABA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s3:*:*:*:*:*:*",
              "matchCriteriaId": "EE1F82EC-3222-4158-8923-59CDA1909A9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s4:*:*:*:*:*:*",
              "matchCriteriaId": "8FE95D15-B5E5-4E74-9464-C72D8B646A6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s5:*:*:*:*:*:*",
              "matchCriteriaId": "C012CD07-706A-4E1C-B399-C55AEF5C8309",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:juniper:vsrx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "36F68E75-E6C6-4DB4-AE0E-C5637ECE7C88",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "561C1113-3D59-4DD9-ADA7-3C9ECC4632EC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx110:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "78C6D8A0-92D3-4FD3-BCC1-CC7C87B76317",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx1400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "927EAB8B-EC3B-4B12-85B9-5517EBA49A30",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEBF85C-736A-4E7D-956A-3E8210D4F70B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx1600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AE06B18-BFB5-4029-A05D-386CFBFBF683",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx210:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD647C15-A686-4C8F-A766-BC29404C0FED",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "45AB1622-1AED-4CD7-98F1-67779CDFC321",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx2300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "48A1DCCD-208C-46D9-8E14-89592B49AB9A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx240:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89276D88-3B8D-4168-A2CD-0920297485F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx240h2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E020556B-693F-4963-BA43-3164AB50FA49",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx240m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0D31FF-0812-42B8-B25E-03C35EC1B021",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB5AB24B-2B43-43DD-AE10-F758B4B19F2A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F9DC32-5ADF-4430-B1A6-357D0B29DB78",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B82D4C4-7A65-409A-926F-33C054DCBFBA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx3400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "746C3882-2A5B-4215-B259-EB1FD60C513D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE535749-F4CE-4FFA-B23D-BF09C92481E5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx3600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDE64EC0-7E42-43AF-A8FA-1A233BD3E3BC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2305DA9D-E6BA-48F4-80CF-9E2DE7661B2F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx4000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "06A03463-6B1D-4DBA-9E89-CAD5E899B98B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AA8999C-8AE4-416F-BA2A-B1A21F33B4D7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCC5F6F5-4347-49D3-909A-27A3A96D36C9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx4300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "826F893F-7B06-43B5-8653-A8D9794C052E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56BA6B86-D3F4-4496-AE46-AC513C6560FA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx4700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "462CFD52-D3E2-4F7A-98AC-C589D2420556",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ABA347C-3EF3-4F75-B4D1-54590A57C2BC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDDC897-747F-44DD-9599-7266F9B5B7B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "62FC145A-D477-4C86-89E7-F70F52773801",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx550_hm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "06685D0E-A075-49A5-9EF4-34F0F795C8C6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx550m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "52F0B735-8C49-4B08-950A-296C9CDE43CA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68CA098D-CBE4-4E62-9EC0-43E1B6098710",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "66F474D4-79B6-4525-983C-9A9011BD958B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AA424D4-4DBF-4E8C-96B8-E37741B5403E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c."
    },
    {
      "lang": "es",
      "value": "named en ISC BIND 9.x en versiones anteriores a 9.9.8-P4 y 9.10.x en versiones anteriores a 9.10.3-P4 no maneja adecuadamente los archivos DNAME cuando analiza gramaticalmente la recuperaci\u00f3n de mensajes contestados, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (fallo de aserci\u00f3n y salida de demonio) a trav\u00e9s de un paquete mal formado en la interfaz rndc (tambi\u00e9n conocido como canal de control), relacionado con alist.c y sexpr.c."
    }
  ],
  "id": "CVE-2016-1285",
  "lastModified": "2024-11-21T02:46:06.697",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-03-09T23:59:02.133",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=146191105921542\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=146191105921542\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0562.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0601.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3511"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1035236"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2925-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.isc.org/article/AA-01352"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Release Notes"
      ],
      "url": "https://kb.isc.org/article/AA-01380"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://kb.isc.org/article/AA-01438"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.asc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201610-07"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=146191105921542\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=146191105921542\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0562.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0601.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3511"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1035236"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2925-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.isc.org/article/AA-01352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Release Notes"
      ],
      "url": "https://kb.isc.org/article/AA-01380"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://kb.isc.org/article/AA-01438"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201610-07"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-07-21 14:29
Modified
2024-11-21 02:32
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
References
secalert@redhat.comhttp://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.ascThird Party Advisory
secalert@redhat.comhttp://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=51786731Gr4-NOrTBC_a_uXO4wuGhgIssue Tracking, Patch, Third Party Advisory
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.htmlBroken Link
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2016-12/msg00153.htmlBroken Link
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2016-0780.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2016-2583.htmlThird Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2015/dsa-3388Third Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2015/08/25/3Mailing List, Patch, Third Party Advisory
secalert@redhat.comhttp://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlThird Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/76473Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2783-1Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=1255118Issue Tracking
secalert@redhat.comhttps://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdfThird Party Advisory
secalert@redhat.comhttps://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8Issue Tracking, Patch, Third Party Advisory
secalert@redhat.comhttps://us-cert.cisa.gov/ics/advisories/icsa-21-103-11Third Party Advisory, US Government Resource
secalert@redhat.comhttps://www-01.ibm.com/support/docview.wss?uid=isg3T1024157Third Party Advisory
secalert@redhat.comhttps://www-01.ibm.com/support/docview.wss?uid=swg21985122Third Party Advisory
secalert@redhat.comhttps://www-01.ibm.com/support/docview.wss?uid=swg21986956Third Party Advisory
secalert@redhat.comhttps://www-01.ibm.com/support/docview.wss?uid=swg21988706Third Party Advisory
secalert@redhat.comhttps://www-01.ibm.com/support/docview.wss?uid=swg21989542Third Party Advisory
secalert@redhat.comhttps://www.ibm.com/support/home/docdisplay?lndocid=migr-5099409Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.ascThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=51786731Gr4-NOrTBC_a_uXO4wuGhgIssue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-0780.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-2583.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2015/dsa-3388Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2015/08/25/3Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/76473Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2783-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1255118Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-01.ibm.com/support/docview.wss?uid=swg21985122Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-01.ibm.com/support/docview.wss?uid=swg21986956Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-01.ibm.com/support/docview.wss?uid=swg21988706Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-01.ibm.com/support/docview.wss?uid=swg21989542Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099409Third Party Advisory
Impacted products
Vendor Product Version
fedoraproject fedora 21
fedoraproject fedora 22
fedoraproject fedora 23
suse linux_enterprise_debuginfo 11
suse linux_enterprise_debuginfo 11
suse linux_enterprise_server 10
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse manager 2.1
suse manager_proxy 2.1
suse openstack_cloud 5
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_hpc_node 6.0
redhat enterprise_linux_hpc_node 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 7.0
debian debian_linux 8.0
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 15.04
canonical ubuntu_linux 15.10
ntp ntp *
novell leap 42.2
opensuse leap 42.1
siemens tim_4r-ie_firmware *
siemens tim_4r-ie -
siemens tim_4r-id_dnp3_firmware *
siemens tim_4r-id_dnp3 -
oracle linux 6


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
              "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
              "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
              "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D5900A25-FDD7-4900-BF7C-F3ECCB714D2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "58D3B6FD-B474-4B09-B644-A8634A629280",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*",
              "matchCriteriaId": "35BBD83D-BDC7-4678-BE94-639F59281139",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
              "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
              "matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:manager:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A33B9F5-E0D1-4A3E-9FFB-5602A25F3227",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:manager_proxy:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "53F0F5A0-70D9-4305-A834-B6FF71E27B30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:openstack_cloud:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88BCD7DC-0FEF-477D-8698-F8D8F1A49D90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ntp:ntp:*:p355:*:*:*:*:*:*",
              "matchCriteriaId": "07FBDFE4-D886-4461-A360-480F50BD12C7",
              "versionEndIncluding": "4.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:novell:leap:42.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A64AAD2D-38ED-4BA2-A27A-A2716F28D43A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:tim_4r-ie_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0730ED6-676B-4200-BC07-C0B4531B242C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:tim_4r-ie:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B87B16C-9E9F-448B-9255-B2BB2B8CAD63",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:tim_4r-id_dnp3_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8851DB6-6B63-4D78-A100-50F81B4DF75B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:tim_4r-id_dnp3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A8AC343-6F4F-4CAF-BD09-F8F1D2F6DBB0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
              "matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n ULOGTOD en el archivo ntp.d en SNTP en versiones anteriores a la 4.2.7p366 no realiza apropiadamente las conversiones de tipo de un valor de precisi\u00f3n a uno doble, lo que permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito) por medio de un paquete NTP creado."
    }
  ],
  "id": "CVE-2015-5219",
  "lastModified": "2024-11-21T02:32:35.007",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-21T14:29:00.867",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=51786731Gr4-NOrTBC_a_uXO4wuGhg"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2015/dsa-3388"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/08/25/3"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/76473"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2783-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255118"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099409"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=51786731Gr4-NOrTBC_a_uXO4wuGhg"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2015/dsa-3388"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/08/25/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/76473"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2783-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099409"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-704"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-03-09 23:59
Modified
2024-11-21 02:46
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Summary
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.
References
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.htmlThird Party Advisory
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://marc.info/?l=bugtraq&m=146191105921542&w=2Issue Tracking, Third Party Advisory
cve@mitre.orghttp://marc.info/?l=bugtraq&m=146191105921542&w=2Issue Tracking, Third Party Advisory
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2016-0562.htmlThird Party Advisory
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2016-0601.htmlThird Party Advisory
cve@mitre.orghttp://www.debian.org/security/2016/dsa-3511Third Party Advisory
cve@mitre.orghttp://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
cve@mitre.orghttp://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlThird Party Advisory
cve@mitre.orghttp://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlThird Party Advisory
cve@mitre.orghttp://www.securitytracker.com/id/1035237Broken Link, Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.ubuntu.com/usn/USN-2925-1Third Party Advisory
cve@mitre.orghttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821Third Party Advisory
cve@mitre.orghttps://kb.isc.org/article/AA-01353Vendor Advisory
cve@mitre.orghttps://kb.isc.org/article/AA-01380Release Notes, Vendor Advisory
cve@mitre.orghttps://kb.isc.org/article/AA-01438Broken Link, Vendor Advisory
cve@mitre.orghttps://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.ascThird Party Advisory
cve@mitre.orghttps://security.gentoo.org/glsa/201610-07Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=146191105921542&w=2Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=146191105921542&w=2Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-0562.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-0601.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2016/dsa-3511Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1035237Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2925-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://kb.isc.org/article/AA-01353Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://kb.isc.org/article/AA-01380Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://kb.isc.org/article/AA-01438Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.ascThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201610-07Third Party Advisory
Impacted products
Vendor Product Version
isc bind *
isc bind *
isc bind 9.9.8
isc bind 9.9.8
isc bind 9.9.8
isc bind 9.9.8
isc bind 9.10.3
isc bind 9.10.3
isc bind 9.10.3
isc bind 9.10.3
isc bind 9.10.3
isc bind 9.10.3
suse linux_enterprise_debuginfo 11
suse linux_enterprise_debuginfo 11
suse linux_enterprise_debuginfo 11
suse manager 2.1
suse manager_proxy 2.1
suse openstack_cloud 5
opensuse leap 42.1
opensuse opensuse 11.4
opensuse opensuse 13.1
opensuse opensuse 13.2
suse linux_enterprise_desktop 11
suse linux_enterprise_desktop 12
suse linux_enterprise_desktop 12
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 12
suse linux_enterprise_server 12
suse linux_enterprise_software_development_kit 11
suse linux_enterprise_software_development_kit 12
suse linux_enterprise_software_development_kit 12
fedoraproject fedora 22
fedoraproject fedora 23
fedoraproject fedora 24
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 15.10
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46
juniper junos 12.1x46-d10
juniper junos 12.1x46-d76
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 12.3x48
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 15.1x49
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.3
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 17.4
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.1
juniper junos 18.2
juniper junos 18.2
juniper junos 18.2
juniper junos 18.2
juniper junos 18.2
juniper junos 18.2
juniper junos 18.2
juniper junos 18.2
juniper junos 18.2
juniper junos 18.2
juniper junos 18.2
juniper junos 18.2
juniper junos 18.2
juniper junos 18.2
juniper junos 18.2
juniper junos 18.3
juniper junos 18.3
juniper junos 18.3
juniper junos 18.3
juniper junos 18.3
juniper junos 18.3
juniper junos 18.3
juniper junos 18.3
juniper junos 18.4
juniper junos 18.4
juniper junos 18.4
juniper junos 18.4
juniper junos 18.4
juniper junos 18.4
juniper junos 18.4
juniper vsrx -
juniper srx100 -
juniper srx110 -
juniper srx1400 -
juniper srx1500 -
juniper srx1600 -
juniper srx210 -
juniper srx220 -
juniper srx2300 -
juniper srx240 -
juniper srx240h2 -
juniper srx240m -
juniper srx300 -
juniper srx320 -
juniper srx340 -
juniper srx3400 -
juniper srx345 -
juniper srx3600 -
juniper srx380 -
juniper srx4000 -
juniper srx4100 -
juniper srx4200 -
juniper srx4300 -
juniper srx4600 -
juniper srx4700 -
juniper srx5000 -
juniper srx5400 -
juniper srx550 -
juniper srx550_hm -
juniper srx550m -
juniper srx5600 -
juniper srx5800 -
juniper srx650 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A842D7E6-54A8-44C8-A241-1CE8B7B8BDAE",
              "versionEndExcluding": "9.9.8",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4B076C1-84ED-4924-B65A-994A23B78345",
              "versionEndExcluding": "9.10.3",
              "versionStartIncluding": "9.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "B41581B6-E576-4273-A2B8-CDB1AD1497B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.8:p2:*:*:*:*:*:*",
              "matchCriteriaId": "B02B1665-1283-4B0B-9AD2-827C8BEFCF3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.8:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A7CE97C3-AE65-407B-B209-9809923732AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.8:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "86C0C8FC-6004-4DFF-919C-068DEC26FA6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "D4C46844-7B97-4EBA-9B9D-715498B5FEEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.3:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "BF170094-2C93-4630-A827-C2335D75425B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "88359A5D-CE32-4920-BE5D-98EC262B41EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "B77760E4-57C5-4A5E-A169-C84409930757",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.3:p3:*:*:*:*:*:*",
              "matchCriteriaId": "24E9CBCA-241C-4EF6-8C0C-FA32E81B8B7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "893ACAAC-406E-4A1C-970B-A15B42961271",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D5900A25-FDD7-4900-BF7C-F3ECCB714D2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "58D3B6FD-B474-4B09-B644-A8634A629280",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F892F1B0-514C-42F7-90AE-12ACDFDC1033",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD4EEF7C-CC33-4494-8531-7C0CC28A8823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CBED083-B935-4C47-BBDA-F39D8EA277ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:openstack_cloud:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD6136E8-74DE-48AF-A8AB-B0E93D34870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "17D4B6F2-514D-4BC2-B2C5-4E2FCCAC594C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
              "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
              "matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "D41A798E-0D69-43C7-9A63-1E5921138EAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "1831D45A-EE6E-4220-8F8C-248B69520948",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "5A633996-2FD7-467C-BAA6-529E16BD06D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
              "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
              "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*",
              "matchCriteriaId": "C729D5D1-ED95-443A-9F53-5D7C2FD9B80C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:-:*:*:*:*:*:*",
              "matchCriteriaId": "92F31F7F-02E0-4E63-A600-DF8AB4E3BAA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d10:*:*:*:*:*:*",
              "matchCriteriaId": "A71742CF-50B1-44BB-AB7B-27E5DCC9CF70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d15:*:*:*:*:*:*",
              "matchCriteriaId": "4FD4237A-C257-4D8A-ABC4-9B2160530A4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d20:*:*:*:*:*:*",
              "matchCriteriaId": "5A449C87-C5C3-48FE-9E46-64ED5DD5F193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d25:*:*:*:*:*:*",
              "matchCriteriaId": "F4B6215F-76BF-473F-B325-0975B0EB101E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d30:*:*:*:*:*:*",
              "matchCriteriaId": "A1C4A10C-49A3-4103-9E56-F881113BC5D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d35:*:*:*:*:*:*",
              "matchCriteriaId": "50E7FD07-A309-48EC-A520-C7F0FA35865C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d40:*:*:*:*:*:*",
              "matchCriteriaId": "F868948A-04D7-473B-971F-721302653633",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d45:*:*:*:*:*:*",
              "matchCriteriaId": "830A9EBA-88F1-4277-B98F-75AC52A60824",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d50:*:*:*:*:*:*",
              "matchCriteriaId": "BFA2ADAB-E486-4DBB-8B84-CC095D102278",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d55:*:*:*:*:*:*",
              "matchCriteriaId": "9ACD0C03-ACD9-4D47-B3EE-1D8753FF5A83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d60:*:*:*:*:*:*",
              "matchCriteriaId": "0DD32D8A-7531-4691-B45D-9EACC69A23D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d65:*:*:*:*:*:*",
              "matchCriteriaId": "76DFA52F-5B2E-47DA-9A8E-7D17A7413929",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d66:*:*:*:*:*:*",
              "matchCriteriaId": "4D363E73-ABC4-4E9F-9E7B-86087D3A3F9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d67:*:*:*:*:*:*",
              "matchCriteriaId": "A7502F95-BADC-432A-B7BE-8E9931FA1448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d70:*:*:*:*:*:*",
              "matchCriteriaId": "9451CD3F-BF4E-4BBC-AD00-660BE2B313C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d71:*:*:*:*:*:*",
              "matchCriteriaId": "C63E8B17-250D-4D74-9A1F-2F3577D9A071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d72:*:*:*:*:*:*",
              "matchCriteriaId": "801AB7D7-3407-4F8B-83C4-CC16076DB0E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d73:*:*:*:*:*:*",
              "matchCriteriaId": "FA4104D4-3FA2-4936-ACBD-06B0BD0B9E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d76:*:*:*:*:*:*",
              "matchCriteriaId": "090BB276-C169-4A41-B03D-0EC40D20E8BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46:d77:*:*:*:*:*:*",
              "matchCriteriaId": "51732A2B-52E2-4356-8409-5CB6D79F23DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46-d10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6390879-1AB9-4B11-A8A8-6B914F52EB83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.1x46-d76:-:*:*:*:*:*:*",
              "matchCriteriaId": "D6A2BAF7-8D71-474C-9F72-FF5DABC69749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:-:*:*:*:*:*:*",
              "matchCriteriaId": "AC1FED64-8725-4978-9EBF-E3CD8EF338E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d10:*:*:*:*:*:*",
              "matchCriteriaId": "4B7066A4-CD05-4E1A-89E8-71B4CB92CFF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d15:*:*:*:*:*:*",
              "matchCriteriaId": "A4AC2E1E-74FB-4DA3-8292-B2079F83FF54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d20:*:*:*:*:*:*",
              "matchCriteriaId": "5FF83BD0-3B28-481E-8C8F-09ECDA493DA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d25:*:*:*:*:*:*",
              "matchCriteriaId": "6E296274-AFC1-4F56-A4B3-827C2E0BC9D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d30:*:*:*:*:*:*",
              "matchCriteriaId": "3C82799B-BD25-4359-9E3D-4D7CA7367525",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d35:*:*:*:*:*:*",
              "matchCriteriaId": "094485FF-960C-4533-A2AF-6C4D420D260D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d40:*:*:*:*:*:*",
              "matchCriteriaId": "F8BE3661-1DE5-4F57-9384-68C1B34F6812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d45:*:*:*:*:*:*",
              "matchCriteriaId": "B45E8A14-E7F4-41EB-9BFA-7A19E35D11FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d50:*:*:*:*:*:*",
              "matchCriteriaId": "C6C694C6-C58C-4513-91E8-6CC22A2386E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d51:*:*:*:*:*:*",
              "matchCriteriaId": "64A0CCD4-91BA-440E-A14C-48E67D1F03A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d55:*:*:*:*:*:*",
              "matchCriteriaId": "6B65EF51-ED97-4973-94C4-8F66C553F190",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d60:*:*:*:*:*:*",
              "matchCriteriaId": "9EE7C08A-2A4B-4A84-AD95-A890913E2EE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d65:*:*:*:*:*:*",
              "matchCriteriaId": "44C61900-680C-4C74-8B96-ACC93FE9465E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d66:*:*:*:*:*:*",
              "matchCriteriaId": "6A793CCD-397E-45DA-9349-D01C69AB96D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d70:*:*:*:*:*:*",
              "matchCriteriaId": "B6C38637-ABE0-419A-A053-CBE076766551",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:12.3x48:d75:*:*:*:*:*:*",
              "matchCriteriaId": "1F87EF0D-E609-4D4A-B228-CEF05C753E68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d10:*:*:*:*:*:*",
              "matchCriteriaId": "D90D8985-34EF-44CC-A9A7-CB0FD22676F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d100:*:*:*:*:*:*",
              "matchCriteriaId": "856A5668-FA4F-44E9-A3F0-BE4979F631E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d110:*:*:*:*:*:*",
              "matchCriteriaId": "F3B2DA4D-5E5D-4E09-BE4D-5B3371703D8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d120:*:*:*:*:*:*",
              "matchCriteriaId": "FA2459ED-DFA5-4701-AF92-C2928C3BD64D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d130:*:*:*:*:*:*",
              "matchCriteriaId": "8830C4BC-2B3D-4CCF-A37E-79C2D46159BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d131:*:*:*:*:*:*",
              "matchCriteriaId": "40D42ACF-860C-4B47-8E25-7DEC30FB8064",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d140:*:*:*:*:*:*",
              "matchCriteriaId": "C808E08F-1992-43DD-A106-E920DC784831",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d15:*:*:*:*:*:*",
              "matchCriteriaId": "C8C94365-988C-4A14-8E49-846152FDC666",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d150:*:*:*:*:*:*",
              "matchCriteriaId": "E288F54B-AEA3-412F-85A4-EBDFE74DB84F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d160:*:*:*:*:*:*",
              "matchCriteriaId": "02AAC05C-1C4B-4F35-A286-52D20DFD6212",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d170:*:*:*:*:*:*",
              "matchCriteriaId": "080422D3-B508-4049-B558-4B04BF2E8AB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d180:*:*:*:*:*:*",
              "matchCriteriaId": "2FAFD8F8-CBD2-45CA-BD3C-875C8FA1D778",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d20:*:*:*:*:*:*",
              "matchCriteriaId": "18468579-0195-4DDE-BAA5-4BE4068F3A69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d25:*:*:*:*:*:*",
              "matchCriteriaId": "6825F6BA-B48F-4E02-938F-6B297E21BA07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d30:*:*:*:*:*:*",
              "matchCriteriaId": "0E5FAA97-171F-4DB9-B78E-6E1A5F34336A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d35:*:*:*:*:*:*",
              "matchCriteriaId": "870244F3-1C05-4F10-A205-5189BB860F46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d40:*:*:*:*:*:*",
              "matchCriteriaId": "235EE40B-AA15-4F39-8087-A051F4F70995",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d45:*:*:*:*:*:*",
              "matchCriteriaId": "17330544-3AFC-463E-A146-2840A8AE17D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d50:*:*:*:*:*:*",
              "matchCriteriaId": "8ABA301F-7866-42A5-8391-E07BEAFF06FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d55:*:*:*:*:*:*",
              "matchCriteriaId": "884E4A85-ED42-4391-9FDD-9052F957743A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d60:*:*:*:*:*:*",
              "matchCriteriaId": "1901864B-688B-4352-A587-4B96B4E49FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d65:*:*:*:*:*:*",
              "matchCriteriaId": "78F53FBF-C6D8-4AE5-87EC-9D9F88DCEFB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d70:*:*:*:*:*:*",
              "matchCriteriaId": "1B6670FB-9F5A-469B-97F2-074C28572065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d75:*:*:*:*:*:*",
              "matchCriteriaId": "71198992-83AA-4E28-BA7D-A3C1897B5E2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d80:*:*:*:*:*:*",
              "matchCriteriaId": "4323D874-C317-4D76-8E2D-C82376D84CBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:15.1x49:d90:*:*:*:*:*:*",
              "matchCriteriaId": "F56067DA-EBA9-481A-B60B-52148584EFBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "A283D32F-1CAF-4A5A-83E1-585F2801771F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r1:*:*:*:*:*:*",
              "matchCriteriaId": "38A40E03-F915-4888-87B0-5950F75F097D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "C52E355B-DA7D-4FDE-B2D7-A3C3C9C99918",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r1-s4:*:*:*:*:*:*",
              "matchCriteriaId": "267A3603-BC18-442E-803A-4CAEB6493433",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r2:*:*:*:*:*:*",
              "matchCriteriaId": "69FC46D4-39E2-4E2F-A1D3-1001769A7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "32F83E8B-A816-4F26-95F8-F0DA7F3DF426",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "2C433359-BC8B-4E69-BE74-A31EB148083A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s3:*:*:*:*:*:*",
              "matchCriteriaId": "BCA2976C-C84B-40D9-A806-588629BFFB13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s4:*:*:*:*:*:*",
              "matchCriteriaId": "A2C7B980-033E-40AC-98C9-B252733B0F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s5:*:*:*:*:*:*",
              "matchCriteriaId": "BA8D32E4-1892-46DC-9782-5466A14E18D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r3:*:*:*:*:*:*",
              "matchCriteriaId": "25C7C3D0-A203-4979-8375-A610ADD48E9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r3:-:*:*:*:*:*",
              "matchCriteriaId": "D1CAEBD2-2E46-44B5-B1D1-1DDBD450FD27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s1:*:*:*:*:*:*",
              "matchCriteriaId": "565AE6D8-28A9-4A62-A886-5BAB954695D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s2:*:*:*:*:*:*",
              "matchCriteriaId": "0C366F93-BB30-4144-99AE-40B676977834",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s3:*:*:*:*:*:*",
              "matchCriteriaId": "488BB10A-1360-42E5-A68D-23D51B332850",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s4:*:*:*:*:*:*",
              "matchCriteriaId": "64988F0A-E02C-455B-99C9-4059C896416F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s5:*:*:*:*:*:*",
              "matchCriteriaId": "DC2ACA85-FA89-40F0-A2AD-778E1CB02A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.3:r3-s6:*:*:*:*:*:*",
              "matchCriteriaId": "9F431D3D-5D55-45A9-98E8-00CB1D4C0196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "A00CA6FB-8F28-4171-B510-8DBA351E80C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r1:*:*:*:*:*:*",
              "matchCriteriaId": "988D317A-0646-491F-9B97-853E8E208276",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "605F1AD7-5B09-44F0-9017-15AB3EEE559C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "CEDDCD30-2255-4FA9-B3E2-9E88AB6F8D80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s3:*:*:*:*:*:*",
              "matchCriteriaId": "DF3F9F86-166F-45E4-92B7-3DD3B06199F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s4:*:*:*:*:*:*",
              "matchCriteriaId": "4E4EB6B0-8DB2-4199-96E4-30195D49F756",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s5:*:*:*:*:*:*",
              "matchCriteriaId": "204FC7B5-9CF2-4AC2-9B8D-DA48CAEA6496",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s6:*:*:*:*:*:*",
              "matchCriteriaId": "9D8A8E33-473A-4A40-A7B7-47086BB9012A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s7:*:*:*:*:*:*",
              "matchCriteriaId": "F0F65DCA-34B9-4CE8-91C9-426AAAEB4097",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r2:*:*:*:*:*:*",
              "matchCriteriaId": "0E0CE79A-157D-47DE-BE65-936BC12470EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "05060C06-18C1-40E8-AE01-385B036CC9AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s10:*:*:*:*:*:*",
              "matchCriteriaId": "341417EE-71C2-465C-96CA-65B2B5B63FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s11:*:*:*:*:*:*",
              "matchCriteriaId": "A701A73D-A795-47DD-8EB5-55D1CDF67A49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s12:*:*:*:*:*:*",
              "matchCriteriaId": "CC1EE8D6-8963-49D8-84C7-C9406B04D9EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s13:*:*:*:*:*:*",
              "matchCriteriaId": "03BCD35E-29D3-4F8C-ABE9-32C7010FD796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "0C752783-4843-407B-AF33-0E1D36FCAAF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s3:*:*:*:*:*:*",
              "matchCriteriaId": "006EE425-A146-4E10-B050-7E754BB8402A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s4:*:*:*:*:*:*",
              "matchCriteriaId": "2B482BCC-1F0C-47AA-B63B-1B39CEF7B2C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s5:*:*:*:*:*:*",
              "matchCriteriaId": "A636F9F2-2DA7-4A27-AD80-FD1B34DFCA94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s6:*:*:*:*:*:*",
              "matchCriteriaId": "4EC7D216-D8F3-4ABD-97C9-4C9FB6DF64FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s7:*:*:*:*:*:*",
              "matchCriteriaId": "5E327643-D8D8-4EFA-9F38-BA862A919501",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s8:*:*:*:*:*:*",
              "matchCriteriaId": "1BC6CE1C-9DD8-429E-BDC2-251D8C8674E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:17.4:r2-s9:*:*:*:*:*:*",
              "matchCriteriaId": "63B00B4F-3E65-4CB2-807D-43908B570AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "0DFDD907-5305-4602-8A9C-685AA112C342",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r1:*:*:*:*:*:*",
              "matchCriteriaId": "B0A756E2-C320-405A-B24F-7C5022649E5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r2:*:*:*:*:*:*",
              "matchCriteriaId": "2EF6F4C1-6A7E-474F-89BC-7A3C50FD8CAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "84F5BCBA-404B-4BC9-B363-CE6D231B0D6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "18A4CA3E-DA61-49CC-8476-3A476CCB2B83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r2-s4:*:*:*:*:*:*",
              "matchCriteriaId": "A7380B3E-09F5-4497-86C6-11EF56BD89F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r3:*:*:*:*:*:*",
              "matchCriteriaId": "658841A9-BEC9-433E-81D0-47DE82887C4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s1:*:*:*:*:*:*",
              "matchCriteriaId": "5AD05209-1274-4F8A-9FA2-A1A8DFCC5755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s13:*:*:*:*:*:*",
              "matchCriteriaId": "F144834D-7FC0-4B60-AFCB-AD86BA121719",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s2:*:*:*:*:*:*",
              "matchCriteriaId": "C97683B3-A07B-428F-9535-C49B55305679",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s3:*:*:*:*:*:*",
              "matchCriteriaId": "A14CE132-C56B-43D8-A248-AB6A2D1A7B6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s4:*:*:*:*:*:*",
              "matchCriteriaId": "73978DD8-BD92-4872-8F35-AF2B9BCA1ECB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s5:*:*:*:*:*:*",
              "matchCriteriaId": "678F57D1-2595-4AF3-BB87-AF2E1FE3CBB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s6:*:*:*:*:*:*",
              "matchCriteriaId": "7988CE92-71D2-4EEC-B596-4A60E2C1136A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s7:*:*:*:*:*:*",
              "matchCriteriaId": "330D176F-8DAD-440C-A623-44FA233FAB01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.1:r3-s8:*:*:*:*:*:*",
              "matchCriteriaId": "8CC5EAB8-1364-4325-9F01-BE7CC479C29D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "A8B5BD93-3C11-45D5-ACF0-7C4C01106C8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r1:*:*:*:*:*:*",
              "matchCriteriaId": "167EEC4F-729E-47C2-B0F8-E8108CE3E985",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "0070B31B-59DC-46E9-93E0-1E8BF3560BFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s3:*:*:*:*:*:*",
              "matchCriteriaId": "A893CCE5-96B8-44A1-ABEF-6AB9B527B2FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s4:*:*:*:*:*:*",
              "matchCriteriaId": "42203801-E2E7-4DCF-ABBB-D23A91B2A9FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s5:*:*:*:*:*:*",
              "matchCriteriaId": "238EC996-8E8C-4332-916F-09E54E6EBB9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r2:*:*:*:*:*:*",
              "matchCriteriaId": "5F711936-33A1-47FC-A6A0-A63088915815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r2-s1:*:*:*:*:*:*",
              "matchCriteriaId": "21B7820C-01D2-401C-9E6D-C83994FD5961",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r2-s2:*:*:*:*:*:*",
              "matchCriteriaId": "3D2FBD29-2CAC-41B4-9336-671373EF4A7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r2-s3:*:*:*:*:*:*",
              "matchCriteriaId": "EEFCDA90-67E2-4AEF-800C-1D29A9121B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r2-s4:*:*:*:*:*:*",
              "matchCriteriaId": "74B99981-840F-4DAD-976A-5DAEFE9FB93D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r2-s5:*:*:*:*:*:*",
              "matchCriteriaId": "BDD3ADB9-35FF-41D3-92BD-98D6D4826B03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r2-s6:*:*:*:*:*:*",
              "matchCriteriaId": "341F2459-8335-40E9-A2B3-BE804D319F95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r2-s7:*:*:*:*:*:*",
              "matchCriteriaId": "0CD17956-8E8C-489D-927A-5709C05EA705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.2:r2-s8:*:*:*:*:*:*",
              "matchCriteriaId": "27D9AEBC-2CA3-4E17-9543-D60B10BA2AE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "1BB9C2BB-D20B-41E9-B75F-7FAD9ECCDB99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.3:r1:*:*:*:*:*:*",
              "matchCriteriaId": "5342C3DC-D640-47AB-BD76-3444852988A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "8AB8585E-EDC6-4400-BEE3-3A6A7C922C90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "A2ABC574-B3FC-4025-B50D-7F9EEB28C806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s3:*:*:*:*:*:*",
              "matchCriteriaId": "6F6EAFC3-C3AC-4361-8530-39FCF89702F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s4:*:*:*:*:*:*",
              "matchCriteriaId": "92FB1BF6-8852-45D8-817C-36CDBE730801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s5:*:*:*:*:*:*",
              "matchCriteriaId": "6B363298-315C-4FD5-9417-C5B82883A224",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.3:r1-s6:*:*:*:*:*:*",
              "matchCriteriaId": "EB08FF7B-01F5-4A19-858E-E2CD19D61A62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "74CA9010-D3DE-487B-B46F-589A48AB0F0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.4:r1:*:*:*:*:*:*",
              "matchCriteriaId": "A38F224C-8E9B-44F3-9D4F-6C9F04F57927",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s1:*:*:*:*:*:*",
              "matchCriteriaId": "853F146A-9A0F-49B6-AFD2-9907434212F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s2:*:*:*:*:*:*",
              "matchCriteriaId": "8F73B88B-E66C-4ACD-B38D-9365FB230ABA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s3:*:*:*:*:*:*",
              "matchCriteriaId": "EE1F82EC-3222-4158-8923-59CDA1909A9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s4:*:*:*:*:*:*",
              "matchCriteriaId": "8FE95D15-B5E5-4E74-9464-C72D8B646A6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:junos:18.4:r1-s5:*:*:*:*:*:*",
              "matchCriteriaId": "C012CD07-706A-4E1C-B399-C55AEF5C8309",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:juniper:vsrx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "36F68E75-E6C6-4DB4-AE0E-C5637ECE7C88",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "561C1113-3D59-4DD9-ADA7-3C9ECC4632EC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx110:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "78C6D8A0-92D3-4FD3-BCC1-CC7C87B76317",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx1400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "927EAB8B-EC3B-4B12-85B9-5517EBA49A30",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEBF85C-736A-4E7D-956A-3E8210D4F70B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx1600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AE06B18-BFB5-4029-A05D-386CFBFBF683",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx210:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD647C15-A686-4C8F-A766-BC29404C0FED",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "45AB1622-1AED-4CD7-98F1-67779CDFC321",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx2300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "48A1DCCD-208C-46D9-8E14-89592B49AB9A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx240:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "89276D88-3B8D-4168-A2CD-0920297485F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx240h2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E020556B-693F-4963-BA43-3164AB50FA49",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx240m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0D31FF-0812-42B8-B25E-03C35EC1B021",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB5AB24B-2B43-43DD-AE10-F758B4B19F2A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F9DC32-5ADF-4430-B1A6-357D0B29DB78",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B82D4C4-7A65-409A-926F-33C054DCBFBA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx3400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "746C3882-2A5B-4215-B259-EB1FD60C513D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE535749-F4CE-4FFA-B23D-BF09C92481E5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx3600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDE64EC0-7E42-43AF-A8FA-1A233BD3E3BC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2305DA9D-E6BA-48F4-80CF-9E2DE7661B2F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx4000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "06A03463-6B1D-4DBA-9E89-CAD5E899B98B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AA8999C-8AE4-416F-BA2A-B1A21F33B4D7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCC5F6F5-4347-49D3-909A-27A3A96D36C9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx4300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "826F893F-7B06-43B5-8653-A8D9794C052E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56BA6B86-D3F4-4496-AE46-AC513C6560FA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx4700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "462CFD52-D3E2-4F7A-98AC-C589D2420556",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx5000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ABA347C-3EF3-4F75-B4D1-54590A57C2BC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDDC897-747F-44DD-9599-7266F9B5B7B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "62FC145A-D477-4C86-89E7-F70F52773801",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx550_hm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "06685D0E-A075-49A5-9EF4-34F0F795C8C6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx550m:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "52F0B735-8C49-4B08-950A-296C9CDE43CA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68CA098D-CBE4-4E62-9EC0-43E1B6098710",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "66F474D4-79B6-4525-983C-9A9011BD958B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:juniper:srx650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AA424D4-4DBF-4E8C-96B8-E37741B5403E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c."
    },
    {
      "lang": "es",
      "value": "named en ISC BIND 9.x en versiones anteriores a 9.9.8-P4 y 9.10.x en versiones anteriores a 9.10.3-P4 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (fallo de aserci\u00f3n y salida de demonio) a trav\u00e9s de un registro de firma manipulado para un registro DNAME, relacionada con db.c y resolver.c."
    }
  ],
  "id": "CVE-2016-1286",
  "lastModified": "2024-11-21T02:46:06.950",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-03-09T23:59:03.147",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=146191105921542\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=146191105921542\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0562.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0601.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3511"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1035237"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2925-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.isc.org/article/AA-01353"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://kb.isc.org/article/AA-01380"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "https://kb.isc.org/article/AA-01438"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.asc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201610-07"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181037.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178880.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179911.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00046.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00053.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00070.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00072.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=146191105921542\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=146191105921542\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0562.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0601.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3511"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1035237"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2925-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.isc.org/article/AA-01353"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://kb.isc.org/article/AA-01380"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "https://kb.isc.org/article/AA-01438"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:13.bind.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201610-07"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-05-05 18:59
Modified
2024-11-21 02:50
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
References
secalert@redhat.comhttp://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLogBroken Link, Patch
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2016-0726.htmlThird Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2016/dsa-3580Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2016/dsa-3746Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2016/05/03/18Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlThird Party Advisory
secalert@redhat.comhttp://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlThird Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/archive/1/538378/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securityfocus.com/bid/89852Broken Link, Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2990-1Third Party Advisory
secalert@redhat.comhttps://security.gentoo.org/glsa/201611-21Third Party Advisory
secalert@redhat.comhttps://www.exploit-db.com/exploits/39767/Exploit, Third Party Advisory, VDB Entry
secalert@redhat.comhttps://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588Exploit, Vendor Advisory
secalert@redhat.comhttps://www.imagemagick.org/script/changelog.phpRelease Notes
af854a3a-2127-422b-91ae-364da2661108http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLogBroken Link, Patch
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-0726.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2016/dsa-3580Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2016/dsa-3746Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2016/05/03/18Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/538378/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/89852Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2990-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201611-21Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/39767/Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.imagemagick.org/script/changelog.phpRelease Notes
Impacted products
Vendor Product Version
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 6.7
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_for_ibm_z_systems 6.0_s390x
redhat enterprise_linux_for_ibm_z_systems 7.0_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 6.7_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 7.2_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 7.3_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 7.4_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 7.5_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 7.6_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 7.7_s390x
redhat enterprise_linux_for_power_big_endian 6.0_ppc64
redhat enterprise_linux_for_power_big_endian 7.0_ppc64
redhat enterprise_linux_for_power_big_endian_eus 6.7_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.2_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.3_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.4_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.5_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.6_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.7_ppc64
redhat enterprise_linux_for_power_little_endian 7.0_ppc64le
redhat enterprise_linux_for_power_little_endian_eus 7.2_ppc64le
redhat enterprise_linux_for_power_little_endian_eus 7.3_ppc64le
redhat enterprise_linux_for_power_little_endian_eus 7.4_ppc64le
redhat enterprise_linux_for_power_little_endian_eus 7.5_ppc64le
redhat enterprise_linux_for_power_little_endian_eus 7.6_ppc64le
redhat enterprise_linux_for_power_little_endian_eus 7.7_ppc64le
redhat enterprise_linux_hpc_node 6.0
redhat enterprise_linux_hpc_node 7.0
redhat enterprise_linux_hpc_node_eus 7.2
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_from_rhui 6.0
redhat enterprise_linux_server_from_rhui 7.0
redhat enterprise_linux_server_supplementary_eus 6.7z
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
imagemagick imagemagick *
imagemagick imagemagick 7.0.0-0
imagemagick imagemagick 7.0.1-0
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 15.10
canonical ubuntu_linux 16.04
oracle linux 6
oracle linux 7
oracle solaris 10
oracle solaris 11.3
suse linux_enterprise_debuginfo 11
suse linux_enterprise_debuginfo 11
suse linux_enterprise_debuginfo 11
suse manager 2.1
suse manager_proxy 2.1
suse openstack_cloud 5
opensuse leap 42.1
opensuse opensuse 13.2
suse linux_enterprise_desktop 12
suse linux_enterprise_desktop 12
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 12
suse linux_enterprise_server 12
suse linux_enterprise_software_development_kit 11
suse linux_enterprise_software_development_kit 12
suse linux_enterprise_software_development_kit 12
suse linux_enterprise_workstation_extension 12
suse linux_enterprise_workstation_extension 12


To clipboard 

{
  "cisaActionDue": "2022-05-03",
  "cisaExploitAdd": "2021-11-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "ImageMagick Arbitrary File Deletion Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "967EC28A-607F-48F4-AD64-5E3041C768F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1D81A1-CD24-4B17-8AFD-DC95E90AD7D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "C84EAAE7-0249-4EA1-B8D3-E039B03ACDC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "2148300C-ECBD-4ED5-A164-79629859DD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:6.7_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "837F0D24-99B3-4093-A45A-53ADB0367FCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.2_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "357FDE3E-2248-4BCD-B726-97C4D92FDCB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.3_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "E420B889-BB89-4B64-B0E0-7E9B8545B959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.4_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "B908AEF5-67CE-42D4-961D-C0E7ADB78ADD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.5_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F8EB695-5EA3-46D2-941E-D7F01AB99A48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.6_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E1DB003-76B8-4D7B-A6ED-5064C3AE1C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.7_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFC68D88-3CD3-4A3D-A01B-E9DBACD9B9CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D8D654F-2442-4EA0-AF89-6AC2CD214772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BCF87FD-9358-42A5-9917-25DF0180A5A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:6.7_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "9835090F-120A-4A53-B4A8-375DD6999167",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.2_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E5B5F9E-D749-45E5-8538-7CED9620C00C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.3_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "188019BF-3700-4B3F-BFA5-553B2B545B7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B8B2E32-B838-4E51-BAA2-764089D2A684",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "4319B943-7B19-468D-A160-5895F7F997A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "39C1ABF5-4070-4AA7-BAB8-4F63E1BD91FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "8036E2AE-4E44-4FA5-AFFB-A3724BFDD654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A584AAA-A14F-4C64-8FED-675DC36F69A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.2_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "D373A806-8A25-4BD4-8511-879D8755C326",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.3_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFE6C909-798B-4B7A-9BD4-6741933DBC1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.4_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9A24D0C-604D-4421-AFA6-5D541DA2E94D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.5_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A2E3637-B6A6-4DA9-8B0A-E91F22130A45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.6_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "F81F859C-DA89-4D1E-91D3-A000AD646203",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.7_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "418488A5-2912-406C-9337-B8E85D0C2B57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "39A901D6-0874-46A4-92A8-5F72C7A89E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AE981D4-0CA1-46FA-8E91-E1A4D5B31383",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F732C7C9-A9CC-4DEF-A8BE-D0F18C944C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.7z:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE561C57-71DE-434A-85BC-1FAAFDCC7058",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6755B6AD-0422-467B-8115-34A60B1D1A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "87477201-64C5-490B-AAE1-23D26F774989",
              "versionEndExcluding": "6.9.3-10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:imagemagick:imagemagick:7.0.0-0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B7CCC6B-C66E-48E2-BA1E-CBF6421B4FEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*",
              "matchCriteriaId": "693C9F8F-A8C1-4D06-8F31-E085E16E701C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
              "matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "44B8FEDF-6CB0-46E9-9AD7-4445B001C158",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "964B57CD-CB8A-4520-B358-1C93EC5EF2DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D5900A25-FDD7-4900-BF7C-F3ECCB714D2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "58D3B6FD-B474-4B09-B644-A8634A629280",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F892F1B0-514C-42F7-90AE-12ACDFDC1033",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD4EEF7C-CC33-4494-8531-7C0CC28A8823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CBED083-B935-4C47-BBDA-F39D8EA277ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:openstack_cloud:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD6136E8-74DE-48AF-A8AB-B0E93D34870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
              "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
              "matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "D41A798E-0D69-43C7-9A63-1E5921138EAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "1831D45A-EE6E-4220-8F8C-248B69520948",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "5A633996-2FD7-467C-BAA6-529E16BD06D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "028ABA8F-4E7B-4CD0-B6FC-3A0941E254BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "ED540469-C4DD-485D-9B89-6877B2A74217",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image."
    },
    {
      "lang": "es",
      "value": "El codificador EPHEMERAL en ImageMagick en versiones anteriores a 6.9.3-10 y 7.x en versiones anteriores a 7.0.1-1 permite a atacantes remotos eliminar archivos arbitrarios a trav\u00e9s de una imagen manipulada."
    }
  ],
  "id": "CVE-2016-3715",
  "lastModified": "2024-11-21T02:50:33.670",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-05-05T18:59:04.727",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Patch"
      ],
      "url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3580"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3746"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/05/03/18"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/89852"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.440568"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2990-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201611-21"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/39767/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4\u0026t=29588"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://www.imagemagick.org/script/changelog.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Patch"
      ],
      "url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3580"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3746"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/05/03/18"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/89852"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.440568"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2990-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201611-21"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/39767/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4\u0026t=29588"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://www.imagemagick.org/script/changelog.php"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-07-21 14:29
Modified
2024-11-21 02:32
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.
References
secalert@redhat.comhttp://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=4c4fc141LwvcoGp-lLGhkAFp3ZvtrAIssue Tracking, Patch, Vendor Advisory
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.htmlThird Party Advisory
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2016-0780.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2016-2583.htmlThird Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2015/dsa-3388Third Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2015/08/25/3Mailing List, Patch, Third Party Advisory
secalert@redhat.comhttp://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
secalert@redhat.comhttp://www.securityfocus.com/bid/76475Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2783-1Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=1254542Issue Tracking, Patch
secalert@redhat.comhttps://github.com/ntp-project/ntp/commit/553f2fa65865c31c5e3c48812cfd46176cffdd27Issue Tracking, Patch, Third Party Advisory
secalert@redhat.comhttps://www-01.ibm.com/support/docview.wss?uid=isg3T1024157Third Party Advisory
secalert@redhat.comhttps://www-01.ibm.com/support/docview.wss?uid=swg21985122Third Party Advisory
secalert@redhat.comhttps://www-01.ibm.com/support/docview.wss?uid=swg21986956Third Party Advisory
secalert@redhat.comhttps://www-01.ibm.com/support/docview.wss?uid=swg21988706Third Party Advisory
secalert@redhat.comhttps://www-01.ibm.com/support/docview.wss?uid=swg21989542Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=4c4fc141LwvcoGp-lLGhkAFp3ZvtrAIssue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-0780.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-2583.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2015/dsa-3388Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2015/08/25/3Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/76475Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2783-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1254542Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/ntp-project/ntp/commit/553f2fa65865c31c5e3c48812cfd46176cffdd27Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-01.ibm.com/support/docview.wss?uid=swg21985122Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-01.ibm.com/support/docview.wss?uid=swg21986956Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-01.ibm.com/support/docview.wss?uid=swg21988706Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-01.ibm.com/support/docview.wss?uid=swg21989542Third Party Advisory
Impacted products
Vendor Product Version
fedoraproject fedora 21
fedoraproject fedora 22
suse linux_enterprise_debuginfo 11
suse linux_enterprise_debuginfo 11
suse linux_enterprise_server 10
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse manager 2.1
suse manager_proxy 2.1
suse openstack_cloud 5
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_hpc_node 6.0
redhat enterprise_linux_hpc_node 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 7.0
debian debian_linux 8.0
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 15.04
canonical ubuntu_linux 15.10
ntp ntp *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
              "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
              "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D5900A25-FDD7-4900-BF7C-F3ECCB714D2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "58D3B6FD-B474-4B09-B644-A8634A629280",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*",
              "matchCriteriaId": "35BBD83D-BDC7-4678-BE94-639F59281139",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
              "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
              "matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:manager:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A33B9F5-E0D1-4A3E-9FFB-5602A25F3227",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:manager_proxy:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "53F0F5A0-70D9-4305-A834-B6FF71E27B30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:openstack_cloud:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88BCD7DC-0FEF-477D-8698-F8D8F1A49D90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ntp:ntp:*:p40:*:*:*:*:*:*",
              "matchCriteriaId": "C38BE66F-08C3-4351-BFFF-0A79EE89612E",
              "versionEndIncluding": "4.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n log_config_command en el archivo ntp_parser.y en ntpd en NTP anterior a versi\u00f3n 4.2.7p42, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo de ntpd) por medio de comandos logconfig creados."
    }
  ],
  "id": "CVE-2015-5194",
  "lastModified": "2024-11-21T02:32:32.197",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-21T14:29:00.757",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=4c4fc141LwvcoGp-lLGhkAFp3ZvtrA"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2015/dsa-3388"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/08/25/3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/76475"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2783-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1254542"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/ntp-project/ntp/commit/553f2fa65865c31c5e3c48812cfd46176cffdd27"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=4c4fc141LwvcoGp-lLGhkAFp3ZvtrA"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2015/dsa-3388"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/08/25/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/76475"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2783-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1254542"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/ntp-project/ntp/commit/553f2fa65865c31c5e3c48812cfd46176cffdd27"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-07-05 01:59
Modified
2024-11-21 02:53
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.
References
cve@mitre.orghttp://bugs.ntp.org/3045Issue Tracking, Vendor Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
cve@mitre.orghttp://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html
cve@mitre.orghttp://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html
cve@mitre.orghttp://support.ntp.org/bin/view/Main/NtpBug3045Patch, Vendor Advisory
cve@mitre.orghttp://support.ntp.org/bin/view/Main/SecurityNoticeVendor Advisory
cve@mitre.orghttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd
cve@mitre.orghttp://www.kb.cert.org/vuls/id/321640Third Party Advisory, US Government Resource
cve@mitre.orghttp://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
cve@mitre.orghttp://www.securityfocus.com/archive/1/538599/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/538600/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/540683/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/91010Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.securitytracker.com/id/1036037Third Party Advisory, VDB Entry
cve@mitre.orghttps://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdfThird Party Advisory
cve@mitre.orghttps://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdfThird Party Advisory
cve@mitre.orghttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03757en_usThird Party Advisory
cve@mitre.orghttps://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.ascThird Party Advisory
cve@mitre.orghttps://security.gentoo.org/glsa/201607-15Third Party Advisory
cve@mitre.orghttps://us-cert.cisa.gov/ics/advisories/icsa-21-103-11Third Party Advisory, US Government Resource
cve@mitre.orghttps://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
cve@mitre.orghttps://www.kb.cert.org/vuls/id/321640
af854a3a-2127-422b-91ae-364da2661108http://bugs.ntp.org/3045Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html
af854a3a-2127-422b-91ae-364da2661108http://support.ntp.org/bin/view/Main/NtpBug3045Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.ntp.org/bin/view/Main/SecurityNoticeVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/321640Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/538599/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/538600/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/540683/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/91010Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1036037Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03757en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.ascThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201607-15Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
af854a3a-2127-422b-91ae-364da2661108https://www.kb.cert.org/vuls/id/321640
Impacted products
Vendor Product Version
ntp ntp *
ntp ntp *
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
oracle solaris 10
oracle solaris 11.3
suse manager 2.1
suse manager_proxy 2.1
suse openstack_cloud 5
opensuse leap 42.1
opensuse opensuse 13.2
suse linux_enterprise_desktop 12
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 12
siemens simatic_net_cp_443-1_opc_ua_firmware *
siemens simatic_net_cp_443-1_opc_ua -
siemens tim_4r-ie_firmware *
siemens tim_4r-ie -
siemens tim_4r-ie_dnp3_firmware *
siemens tim_4r-ie_dnp3 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C240BAAB-8C12-4501-9DC6-FB877304E908",
              "versionEndExcluding": "4.2.8",
              "versionStartIncluding": "4.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "863751A2-A97F-47CD-8D57-6D60E6F3593D",
              "versionEndExcluding": "4.3.93",
              "versionStartIncluding": "4.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
              "matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
              "matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
              "matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
              "matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
              "matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
              "matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
              "matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
              "matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
              "matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*",
              "matchCriteriaId": "75A9AA28-1B20-44BB-815C-7294A53E910E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
              "matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
              "matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "964B57CD-CB8A-4520-B358-1C93EC5EF2DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:manager:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD4EEF7C-CC33-4494-8531-7C0CC28A8823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CBED083-B935-4C47-BBDA-F39D8EA277ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:openstack_cloud:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD6136E8-74DE-48AF-A8AB-B0E93D34870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
              "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
              "matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_net_cp_443-1_opc_ua_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "22EFD09A-3D77-47B0-93FB-50F6C13A2F9A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_net_cp_443-1_opc_ua:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F488810-73E3-4475-975A-C2FCA037E78B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:tim_4r-ie_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0730ED6-676B-4200-BC07-C0B4531B242C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:tim_4r-ie:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B87B16C-9E9F-448B-9255-B2BB2B8CAD63",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:tim_4r-ie_dnp3_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E16E82E3-9A85-41A4-8A33-12AE45A1B584",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:tim_4r-ie_dnp3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE27728D-D37B-43FC-BA8A-0E930DDBD10B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time."
    },
    {
      "lang": "es",
      "value": "ntpd en NTP 4.x en versiones anteriores a 4.2.8p8 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (desmovilizaci\u00f3n de asociaci\u00f3n ef\u00edmera) mediante el env\u00edo de un paquete crypto-NAK falsificado con datos de autenticaci\u00f3n incorrectos en un momento determinado."
    }
  ],
  "id": "CVE-2016-4953",
  "lastModified": "2024-11-21T02:53:17.097",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-07-05T01:59:00.143",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://bugs.ntp.org/3045"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/NtpBug3045"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/321640"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/91010"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036037"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201607-15"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.kb.cert.org/vuls/id/321640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://bugs.ntp.org/3045"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/NtpBug3045"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/321640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/91010"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201607-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.kb.cert.org/vuls/id/321640"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-07-21 14:29
Modified
2024-11-21 02:32
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
References
secalert@redhat.comhttp://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.ascThird Party Advisory
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.htmlThird Party Advisory
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.htmlThird Party Advisory
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2016-05/msg00114.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2015-1930.htmlThird Party Advisory
secalert@redhat.comhttp://seclists.org/bugtraq/2016/Feb/164Mailing List, Third Party Advisory
secalert@redhat.comhttp://support.ntp.org/bin/view/Main/NtpBug2956Issue Tracking, Patch, Vendor Advisory
secalert@redhat.comhttp://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_SecuritIssue Tracking, Patch, Vendor Advisory
secalert@redhat.comhttp://www.debian.org/security/2015/dsa-3388Third Party Advisory
secalert@redhat.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlThird Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/77312Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id/1034670Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2783-1Third Party Advisory
secalert@redhat.comhttps://bto.bluecoat.com/security-advisory/sa113Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=1271076Issue Tracking
secalert@redhat.comhttps://ics-cert.us-cert.gov/advisories/ICSA-15-356-01Third Party Advisory, US Government Resource
secalert@redhat.comhttps://security.netapp.com/advisory/ntap-20171004-0001/
secalert@redhat.comhttps://support.citrix.com/article/CTX220112Third Party Advisory
secalert@redhat.comhttps://www-01.ibm.com/support/docview.wss?uid=isg3T1023885Third Party Advisory
secalert@redhat.comhttps://www-01.ibm.com/support/docview.wss?uid=isg3T1024073Third Party Advisory
secalert@redhat.comhttps://www-01.ibm.com/support/docview.wss?uid=nas8N1021264Third Party Advisory
secalert@redhat.comhttps://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821Third Party Advisory
secalert@redhat.comhttps://www-01.ibm.com/support/docview.wss?uid=swg21979393Third Party Advisory
secalert@redhat.comhttps://www-01.ibm.com/support/docview.wss?uid=swg21980676Third Party Advisory
secalert@redhat.comhttps://www-01.ibm.com/support/docview.wss?uid=swg21983501Third Party Advisory
secalert@redhat.comhttps://www-01.ibm.com/support/docview.wss?uid=swg21983506Third Party Advisory
secalert@redhat.comhttps://www.cs.bu.edu/~goldbe/NTPattack.htmlThird Party Advisory
secalert@redhat.comhttps://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.ascThird Party Advisory
secalert@redhat.comhttps://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428Third Party Advisory
secalert@redhat.comhttps://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.htmlThird Party Advisory
secalert@redhat.comhttps://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.ascThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-1930.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/bugtraq/2016/Feb/164Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.ntp.org/bin/view/Main/NtpBug2956Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_SecuritIssue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2015/dsa-3388Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/77312Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1034670Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2783-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bto.bluecoat.com/security-advisory/sa113Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1271076Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20171004-0001/
af854a3a-2127-422b-91ae-364da2661108https://support.citrix.com/article/CTX220112Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-01.ibm.com/support/docview.wss?uid=swg21979393Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-01.ibm.com/support/docview.wss?uid=swg21980676Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-01.ibm.com/support/docview.wss?uid=swg21983501Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www-01.ibm.com/support/docview.wss?uid=swg21983506Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.cs.bu.edu/~goldbe/NTPattack.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.ascThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlThird Party Advisory
Impacted products
Vendor Product Version
fedoraproject fedora 21
fedoraproject fedora 22
suse linux_enterprise_debuginfo 11
suse linux_enterprise_debuginfo 11
suse linux_enterprise_debuginfo 11
opensuse leap 42.1
opensuse opensuse 13.2
suse linux_enterprise_desktop 12
suse linux_enterprise_desktop 12
suse linux_enterprise_server 10
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 12
suse linux_enterprise_software_development_kit 12
suse linux_enterprise_software_development_kit 12
suse manager 2.1
suse manager_proxy 2.1
suse openstack_cloud 5
suse suse_linux_enterprise_server 12
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_hpc_node 6.0
redhat enterprise_linux_hpc_node 7.0
redhat enterprise_linux_hpc_node_eus 7.1
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_eus 6.7.z
redhat enterprise_linux_server_eus 7.1
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
debian debian_linux 7.0
debian debian_linux 8.0
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 15.04
canonical ubuntu_linux 15.10
ntp ntp *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
              "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
              "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D5900A25-FDD7-4900-BF7C-F3ECCB714D2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "58D3B6FD-B474-4B09-B644-A8634A629280",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F892F1B0-514C-42F7-90AE-12ACDFDC1033",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1EB0F28-F23A-4969-8A3E-66DA2EFA40C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*",
              "matchCriteriaId": "35BBD83D-BDC7-4678-BE94-639F59281139",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
              "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
              "matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB2A1559-651C-46B0-B436-8E03DC8A60D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "5A633996-2FD7-467C-BAA6-529E16BD06D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:manager:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A33B9F5-E0D1-4A3E-9FFB-5602A25F3227",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:manager_proxy:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "53F0F5A0-70D9-4305-A834-B6FF71E27B30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:openstack_cloud:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "88BCD7DC-0FEF-477D-8698-F8D8F1A49D90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C649194-B8C2-49F7-A819-C635EE584ABF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7071F0C7-E43E-4F2E-9FEB-E8FB3DEA4749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA856400-1B48-429A-94A0-173B7EEE1EC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E8CD4EF-DC90-40BB-A721-6EC087507906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ntp:ntp:*:p4:*:*:*:*:*:*",
              "matchCriteriaId": "05D076CA-85DD-48B4-9A8A-F413FFBFB55F",
              "versionEndIncluding": "4.2.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart)."
    },
    {
      "lang": "es",
      "value": "La comprobaci\u00f3n panic_gate en NTP anterior a versi\u00f3n 4.2.8p5 es solo habilitada nuevamente despu\u00e9s del primer cambio al reloj del sistema que fue mayor que 128 milisegundos por defecto, permitiendo a los atacantes remotos fijar el NTP a un tiempo arbitrario cuando arranca con la opci\u00f3n -g, o alterar el tiempo hasta 900 segundos, de lo contrario por respuesta a un n\u00famero no especificado de peticiones de fuentes de confianza y aprovechando una denegaci\u00f3n de servicio resultante (anular y reiniciar)."
    }
  ],
  "id": "CVE-2015-5300",
  "lastModified": "2024-11-21T02:32:44.747",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-21T14:29:00.927",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1930.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/bugtraq/2016/Feb/164"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/NtpBug2956"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2015/dsa-3388"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/77312"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1034670"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2783-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bto.bluecoat.com/security-advisory/sa113"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271076"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX220112"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21979393"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21980676"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983501"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983506"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1930.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/bugtraq/2016/Feb/164"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/NtpBug2956"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2015/dsa-3388"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/77312"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1034670"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2783-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bto.bluecoat.com/security-advisory/sa113"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271076"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX220112"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21979393"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21980676"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983501"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983506"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-361"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-01-30 21:59
Modified
2024-11-21 02:37
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2016-05/msg00114.htmlThird Party Advisory
cve@mitre.orghttp://support.ntp.org/bin/view/Main/NtpBug2938Vendor Advisory
cve@mitre.orghttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpdThird Party Advisory
cve@mitre.orghttp://www.securitytracker.com/id/1034782Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.ubuntu.com/usn/USN-3096-1Third Party Advisory
cve@mitre.orghttps://bto.bluecoat.com/security-advisory/sa113Third Party Advisory
cve@mitre.orghttps://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc
cve@mitre.orghttps://security.gentoo.org/glsa/201607-15Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20171031-0001/
cve@mitre.orghttps://www.kb.cert.org/vuls/id/718152Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.ntp.org/bin/view/Main/NtpBug2938Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpdThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1034782Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-3096-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bto.bluecoat.com/security-advisory/sa113Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201607-15Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20171031-0001/
af854a3a-2127-422b-91ae-364da2661108https://www.kb.cert.org/vuls/id/718152Third Party Advisory, US Government Resource
Impacted products
Vendor Product Version
ntp ntp 4.1.2
ntp ntp *
ntp ntp 4.3.0
ntp ntp 4.3.1
ntp ntp 4.3.2
ntp ntp 4.3.3
ntp ntp 4.3.4
ntp ntp 4.3.5
ntp ntp 4.3.6
ntp ntp 4.3.7
ntp ntp 4.3.8
ntp ntp 4.3.9
ntp ntp 4.3.10
ntp ntp 4.3.11
ntp ntp 4.3.12
ntp ntp 4.3.13
ntp ntp 4.3.14
ntp ntp 4.3.15
ntp ntp 4.3.16
ntp ntp 4.3.17
ntp ntp 4.3.18
ntp ntp 4.3.19
ntp ntp 4.3.20
ntp ntp 4.3.21
ntp ntp 4.3.22
ntp ntp 4.3.23
ntp ntp 4.3.24
ntp ntp 4.3.25
ntp ntp 4.3.26
ntp ntp 4.3.27
ntp ntp 4.3.28
ntp ntp 4.3.29
ntp ntp 4.3.30
ntp ntp 4.3.31
ntp ntp 4.3.32
ntp ntp 4.3.33
ntp ntp 4.3.34
ntp ntp 4.3.35
ntp ntp 4.3.36
ntp ntp 4.3.37
ntp ntp 4.3.38
ntp ntp 4.3.39
ntp ntp 4.3.40
ntp ntp 4.3.41
ntp ntp 4.3.42
ntp ntp 4.3.43
ntp ntp 4.3.44
ntp ntp 4.3.45
ntp ntp 4.3.46
ntp ntp 4.3.47
ntp ntp 4.3.48
ntp ntp 4.3.49
ntp ntp 4.3.50
ntp ntp 4.3.51
ntp ntp 4.3.52
ntp ntp 4.3.53
ntp ntp 4.3.54
ntp ntp 4.3.55
ntp ntp 4.3.56
ntp ntp 4.3.57
ntp ntp 4.3.58
ntp ntp 4.3.59
ntp ntp 4.3.60
ntp ntp 4.3.61
ntp ntp 4.3.62
ntp ntp 4.3.63
ntp ntp 4.3.64
ntp ntp 4.3.65
ntp ntp 4.3.66
ntp ntp 4.3.67
ntp ntp 4.3.68
ntp ntp 4.3.69
ntp ntp 4.3.70
ntp ntp 4.3.71
ntp ntp 4.3.72
ntp ntp 4.3.73
ntp ntp 4.3.74
ntp ntp 4.3.75
ntp ntp 4.3.76
ntp ntp 4.3.77
ntp ntp 4.3.78
ntp ntp 4.3.79
ntp ntp 4.3.80
ntp ntp 4.3.81
ntp ntp 4.3.82
ntp ntp 4.3.83
ntp ntp 4.3.84
ntp ntp 4.3.85
ntp ntp 4.3.86
ntp ntp 4.3.87
ntp ntp 4.3.88
ntp ntp 4.3.89
suse linux_enterprise_debuginfo 11
suse linux_enterprise_debuginfo 11
suse linux_enterprise_debuginfo 11
suse manager 2.1
suse manager_proxy 2.1
novell suse_openstack_cloud 5
opensuse leap 42.1
opensuse opensuse 13.2
suse linux_enterprise_desktop 12
suse linux_enterprise_desktop 12
suse linux_enterprise_server 10
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 12
suse suse_linux_enterprise_server 12


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB90A3FB-B107-46CF-A846-48EE0EDF637A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ntp:ntp:*:p5:*:*:*:*:*:*",
              "matchCriteriaId": "99442254-E77A-43F7-8A9B-FC918AC336A6",
              "versionEndIncluding": "4.2.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23D9009-DF45-44C1-80DF-CEEC9B9E3F20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "43921601-667E-4415-83BE-E5B39D969BD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "75DD9C02-0C46-4785-8D77-C5465E4ED967",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A497BADE-0516-494F-89FA-EAFC6AD17F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4298439A-EAF2-4CAA-990B-4AA37E7A0E8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "30E9C822-C04A-4908-9596-76F9FB561206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "842963D1-C78C-48B5-A8D2-BC018854E5CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "121ED6C5-8985-4DEF-9040-2AC63582E596",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "68499DA4-64EF-412F-A434-8E0F78D77CE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "836C5AC9-463F-4703-81B9-7B5484F47A5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "FED14811-8F49-4796-BADD-DB7973EC32DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4EB2830-ADE5-4C87-964E-16748BF88EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C0284FD-2933-4160-80D2-53B32CD73287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9AB963A-7284-433F-9890-5AE402E4E000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEDEFF7A-D964-4D9A-93BF-41E9D16EA793",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C434153-911C-4F07-ADD0-0EAB47F96E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8183B043-8B96-4A8B-A5C9-544D4F1CED8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE349AB-44CB-4263-80CE-59DFD572B363",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DB55DF6-567F-4B6A-81E1-9013914416D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "80727B0B-AB5E-46CC-9DDF-F319C2D9B242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0755962-2D5F-41E6-9BDB-C2ECBCCD2818",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EBAADB5-FA32-4CF9-A4B2-51EEA300B0EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "A202FDAD-D757-4850-9D1E-C31B0F3BA718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6A345D7-DFC0-4E0D-AAAB-8206C35F63D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4069EF5-DC7D-4487-8636-AC2EAB17BAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "73DF3A5C-F1D9-468E-BD08-5E2578898DEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "0858AE44-4B0A-4941-B4A8-937B557D1448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "979C84FF-CB21-4819-B3CA-1A55FDF20BD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "94709B39-C394-4B44-A362-9429F4CB9D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E4526AC-6BCC-43A5-B501-263D0ED0655B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "E04FF6B4-CD1C-4AC1-B286-D6AB705D680B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FAFA0C8-1349-43A4-BDAC-3B5A601B9FDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BA130B1-DD20-4E98-963F-61E85A09E29E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AAC9B73-5020-47C9-803E-ABB6162AADE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A6B7B5-3AC9-4442-BD91-3783C2B4235C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "D72F5C09-520B-486C-AD9A-9CBBFE6487CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "097DED37-D3F3-45C4-B131-1C4294406722",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "85A4F607-0A9D-4F84-B50D-28C54E6EDC06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C689CAF-632A-4FF2-8C86-541EEDD574E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B0ACF5B-BBA9-4B6C-B19D-B8AEF7212781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*",
              "matchCriteriaId": "E09C8254-73DC-4AFA-A250-A8192DC917F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "D344FA12-3C5F-418B-9209-EA8BDD230074",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1C3A62A-C6F6-4B2E-A254-CDA12BD34DBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*",
              "matchCriteriaId": "073A0AFF-C5C6-422E-BD63-2353AA4B58E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*",
              "matchCriteriaId": "59B5DA29-4139-405D-8AA8-23FAECBBC5CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F4D15D-6D2A-4730-B7CF-21284E92FEFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "79A0C6AB-813F-4417-A98E-33FBB7AAB939",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "815ABF0E-ED94-4426-8889-D3C2AECACC26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "894612F1-8C51-4F66-AFE7-D8077F63E562",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "63FD3D1E-08F8-4C7F-876C-47E88386B83E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C068E27-A3DD-4FD2-81FB-2CFEC3C047CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "E21A12E6-0802-4BDC-AF71-50D7D0433B87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7EE44A-7D8B-41A5-82A6-04AEE50278CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "6862529A-1AE5-4E2D-A4B0-E351D1900C64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C6B6711-0F75-4FEA-8917-04391FC9D378",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AC0249C-3CFC-4CD3-9481-9F6BE1FC5E31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BE639D9-0B1E-4DFB-B275-D11665FDA4AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "B35E9C41-0F2A-4790-B996-8EC00FA863F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "28BAB268-3A70-4422-9C6C-49E6453D750D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A5960F1-DDA9-4885-952F-450EC00B5C9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*",
              "matchCriteriaId": "E725D449-BBC2-40E3-BF53-D9BF7B4F57D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "B10975CB-56EB-44D0-BDEF-60484B6BD85E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EE56C0F-0AF4-45CF-ACA2-0E583BBB3187",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*",
              "matchCriteriaId": "16A4A1AC-ED08-4EFE-A826-1BB1B5CAB34E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF9D7AD6-6BDB-4519-B9F8-3181E21850FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*",
              "matchCriteriaId": "B061FF9A-0D00-429D-9B2F-14EEA41E7A33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6CB0260-2A96-41A8-81A0-8E9722B22D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE037065-9E33-4A5A-8188-1F086D7BE394",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "70200031-5902-416D-A140-DC2CDFDAF683",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "575C5F15-2C16-4B39-A718-1641DDD88F84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E7BFD7E-9B3F-4D63-BEBC-16F22DA6F8E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "42631437-772B-45E0-A1F3-5D9E2FC77D19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA9E62EF-E21F-421F-9A57-54A551CEC441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "871E046E-013A-4E10-9457-4D1F407519EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5E4B06F-AD55-4D61-B966-B38B854C0A75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*",
              "matchCriteriaId": "19817731-42C2-4745-88F2-D27258FC7DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "77479EEE-F81B-4653-8FAD-0AFBA3C71B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "0208619E-9179-46D9-8E47-6CB5B4046DF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FBAE2A2-B7CB-45F6-A84C-5B9B742A0B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CC16904-03FC-42B2-89F0-CA0D59A5FB91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E3980D1-54F1-4C2F-B140-B2F18D8958A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C845718-520A-42CB-9BA7-00723694A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAB7BF51-DD1A-41E1-B5E5-02A6BADC30DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*",
              "matchCriteriaId": "431DA557-0977-43C2-8DEF-127B1BAA9F46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*",
              "matchCriteriaId": "733C0A5D-3A0A-4449-9DE0-BD06D4942799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9E5DAD5-465A-4A53-856A-1F674723EB00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D5900A25-FDD7-4900-BF7C-F3ECCB714D2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "58D3B6FD-B474-4B09-B644-A8634A629280",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F892F1B0-514C-42F7-90AE-12ACDFDC1033",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD4EEF7C-CC33-4494-8531-7C0CC28A8823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CBED083-B935-4C47-BBDA-F39D8EA277ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:novell:suse_openstack_cloud:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "74268F7D-058C-4E84-9D7E-3853A95918BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1EB0F28-F23A-4969-8A3E-66DA2EFA40C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*",
              "matchCriteriaId": "35BBD83D-BDC7-4678-BE94-639F59281139",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
              "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
              "matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C649194-B8C2-49F7-A819-C635EE584ABF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename."
    },
    {
      "lang": "es",
      "value": "El comando savconfig ntpq en NTP 4.1.2, 4.2.x en versiones anteriores a 4.2.8p6, 4.3, 4.3.25, 4.3.70 y 4.3.77 no filtra adecuadamente caracteres especiales, lo que permite a atacantes causar un impacto no especificado a trav\u00e9s de un nombre de archivo manipulado."
    }
  ],
  "id": "CVE-2015-7976",
  "lastModified": "2024-11-21T02:37:45.697",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-01-30T21:59:00.330",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/NtpBug2938"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1034782"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-3096-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bto.bluecoat.com/security-advisory/sa113"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201607-15"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/718152"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/NtpBug2938"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1034782"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-3096-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bto.bluecoat.com/security-advisory/sa113"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201607-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/718152"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-254"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-05-03 19:59
Modified
2024-11-21 03:33
Severity ?
3.8 (Low) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Summary
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.htmlThird Party Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/98314Third Party Advisory, VDB Entry
cve@mitre.orghttps://bugzilla.suse.com/show_bug.cgi?id=1033948Issue Tracking, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/98314Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.suse.com/show_bug.cgi?id=1033948Issue Tracking, Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
xen xen *
suse manager 2.1
suse manager_proxy 2.1
suse openstack_cloud 5
novell suse_linux_enterprise_point_of_sale 11.0
novell suse_linux_enterprise_server 11.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9213743B-275F-4056-81E8-E44E18A81FCA",
              "versionEndIncluding": "4.2.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:manager:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD4EEF7C-CC33-4494-8531-7C0CC28A8823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CBED083-B935-4C47-BBDA-F39D8EA277ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:openstack_cloud:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD6136E8-74DE-48AF-A8AB-B0E93D34870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:novell:suse_linux_enterprise_point_of_sale:11.0:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "51E07D0D-67A6-4DDE-BE4E-959DE0A3314F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:ltss:*:*:*",
              "matchCriteriaId": "3F8CE3BD-993B-407F-BAEC-A070F6B46E6E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL."
    },
    {
      "lang": "es",
      "value": "Xen PV guest anterior a Xen 4.3 chequea los permisos de acceso a los rangos MMIO s\u00f3lo despu\u00e9s de acceder a ellos, lo que permite leer en un dispositivo de memoria PCI, dando lugar a la divulgaci\u00f3n de informaci\u00f3n. Se trata de un error en la funci\u00f3n get_user. NOTA: el upstream Xen Project considera versiones anteriores a 4.5.x para ser EOL."
    }
  ],
  "id": "CVE-2017-7995",
  "lastModified": "2024-11-21T03:33:07.640",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 1.7,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.8,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-03T19:59:00.143",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98314"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1033948"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98314"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1033948"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-04-21 11:00
Modified
2024-11-21 02:49
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
References
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.htmlMailing List, Third Party Advisory
secalert_us@oracle.comhttp://rhn.redhat.com/errata/RHSA-2016-0650.htmlThird Party Advisory
secalert_us@oracle.comhttp://rhn.redhat.com/errata/RHSA-2016-0651.htmlThird Party Advisory
secalert_us@oracle.comhttp://rhn.redhat.com/errata/RHSA-2016-0675.htmlThird Party Advisory
secalert_us@oracle.comhttp://rhn.redhat.com/errata/RHSA-2016-0676.htmlThird Party Advisory
secalert_us@oracle.comhttp://rhn.redhat.com/errata/RHSA-2016-0677.htmlThird Party Advisory
secalert_us@oracle.comhttp://rhn.redhat.com/errata/RHSA-2016-0678.htmlThird Party Advisory
secalert_us@oracle.comhttp://rhn.redhat.com/errata/RHSA-2016-0679.htmlThird Party Advisory
secalert_us@oracle.comhttp://rhn.redhat.com/errata/RHSA-2016-0701.htmlThird Party Advisory
secalert_us@oracle.comhttp://rhn.redhat.com/errata/RHSA-2016-0702.htmlThird Party Advisory
secalert_us@oracle.comhttp://rhn.redhat.com/errata/RHSA-2016-0708.htmlThird Party Advisory
secalert_us@oracle.comhttp://rhn.redhat.com/errata/RHSA-2016-0716.htmlThird Party Advisory
secalert_us@oracle.comhttp://rhn.redhat.com/errata/RHSA-2016-0723.htmlThird Party Advisory
secalert_us@oracle.comhttp://rhn.redhat.com/errata/RHSA-2016-1039.htmlThird Party Advisory
secalert_us@oracle.comhttp://www.debian.org/security/2016/dsa-3558Mailing List, Third Party Advisory
secalert_us@oracle.comhttp://www.openwall.com/lists/oss-security/2020/08/31/1Mailing List
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlPatch, Third Party Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/86421Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1035596Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1037331Broken Link, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.ubuntu.com/usn/USN-2963-1Third Party Advisory
secalert_us@oracle.comhttp://www.ubuntu.com/usn/USN-2964-1Third Party Advisory
secalert_us@oracle.comhttp://www.ubuntu.com/usn/USN-2972-1Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2016:1430Third Party Advisory
secalert_us@oracle.comhttps://access.redhat.com/errata/RHSA-2017:1216Third Party Advisory
secalert_us@oracle.comhttps://kc.mcafee.com/corporate/index?page=content&id=SB10159Broken Link
secalert_us@oracle.comhttps://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
secalert_us@oracle.comhttps://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
secalert_us@oracle.comhttps://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
secalert_us@oracle.comhttps://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
secalert_us@oracle.comhttps://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
secalert_us@oracle.comhttps://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
secalert_us@oracle.comhttps://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
secalert_us@oracle.comhttps://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
secalert_us@oracle.comhttps://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
secalert_us@oracle.comhttps://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
secalert_us@oracle.comhttps://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
secalert_us@oracle.comhttps://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
secalert_us@oracle.comhttps://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
secalert_us@oracle.comhttps://lists.apache.org/thread.html/r5f48b16573a11fdf0b557cc3d1d71423ecde8ee771c29f32334fa948%40%3Cdev.cassandra.apache.org%3EMailing List, Third Party Advisory
secalert_us@oracle.comhttps://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
secalert_us@oracle.comhttps://lists.apache.org/thread.html/rc3abf40b06c511d5693baf707d6444bf7745e6a1e343e6f530a12258%40%3Cuser.cassandra.apache.org%3EMailing List, Third Party Advisory
secalert_us@oracle.comhttps://security.gentoo.org/glsa/201606-18Third Party Advisory
secalert_us@oracle.comhttps://security.netapp.com/advisory/ntap-20160420-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-0650.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-0651.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-0675.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-0676.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-0677.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-0678.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-0679.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-0701.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-0702.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-0708.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-0716.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-0723.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-1039.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2016/dsa-3558Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2020/08/31/1Mailing List
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/86421Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1035596Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037331Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2963-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2964-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2972-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2016:1430Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1216Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://kc.mcafee.com/corporate/index?page=content&id=SB10159Broken Link
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r5f48b16573a11fdf0b557cc3d1d71423ecde8ee771c29f32334fa948%40%3Cdev.cassandra.apache.org%3EMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3EMailing List, Patch
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rc3abf40b06c511d5693baf707d6444bf7745e6a1e343e6f530a12258%40%3Cuser.cassandra.apache.org%3EMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201606-18Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20160420-0001/Third Party Advisory
Impacted products
Vendor Product Version
oracle jdk 1.6.0
oracle jdk 1.7.0
oracle jdk 1.8.0
oracle jre 1.6.0
oracle jre 1.7.0
oracle jre 1.8.0
oracle jrockit r28.3.9
oracle linux 5
oracle linux 6
oracle linux 7
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 15.10
canonical ubuntu_linux 16.04
debian debian_linux 8.0
netapp e-series_santricity_management_plug-ins -
netapp e-series_santricity_storage_manager -
netapp e-series_santricity_web_services -
netapp oncommand_balance -
netapp oncommand_cloud_manager -
netapp oncommand_insight -
netapp oncommand_performance_manager -
netapp oncommand_report -
netapp oncommand_shift -
netapp oncommand_unified_manager -
netapp oncommand_unified_manager -
netapp oncommand_workflow_automation -
netapp storagegrid *
netapp vasa_provider_for_clustered_data_ontap *
netapp virtual_storage_console *
apache cassandra *
apache cassandra *
apache cassandra *
apache cassandra *
apache cassandra 4.0.0
redhat satellite 5.6
redhat satellite 5.7
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 6.7
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 5.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_eus 6.7
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
suse linux_enterprise_module_for_legacy 12
suse manager 2.1
suse manager_proxy 2.1
suse openstack_cloud 5
opensuse leap 42.1
opensuse opensuse 13.1
opensuse opensuse 13.2
suse linux_enterprise_desktop 12
suse linux_enterprise_desktop 12
suse linux_enterprise_server 10
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 12
suse linux_enterprise_server 12
suse linux_enterprise_software_development_kit 11
suse linux_enterprise_software_development_kit 12


To clipboard 

{
  "cisaActionDue": "2023-06-02",
  "cisaExploitAdd": "2023-05-12",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Oracle Java SE and JRockit Unspecified Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update113:*:*:*:*:*:*",
              "matchCriteriaId": "AE4602E8-1466-4148-BC89-7FAFFA14A886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update99:*:*:*:*:*:*",
              "matchCriteriaId": "C3D13189-1F7B-482F-ABF7-CC8D563716C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update77:*:*:*:*:*:*",
              "matchCriteriaId": "C6CAC2AE-7FB0-40F4-9A45-533943A35772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update113:*:*:*:*:*:*",
              "matchCriteriaId": "F0D546F4-B709-4522-B84A-7D6C301814BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update99:*:*:*:*:*:*",
              "matchCriteriaId": "0BF73F1C-91F1-41F6-956C-4A64603DCDF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update77:*:*:*:*:*:*",
              "matchCriteriaId": "CDF71474-FFBF-44A0-A5EC-CD3E50472D97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jrockit:r28.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F7ACC3A-F8F4-4B53-981A-697569B172CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*",
              "matchCriteriaId": "62A2AC02-A933-4E51-810E-5D040B476B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
              "matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "44B8FEDF-6CB0-46E9-9AD7-4445B001C158",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*",
              "matchCriteriaId": "280520BC-070C-4423-A633-E6FE45E53D57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_cloud_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "069D0EC4-BE9D-44A9-82B0-36EFA3702EA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "212E1878-1B9A-4CB4-A1CE-EAD60B867161",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_report:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "50E60FEB-7FC2-491A-B492-5A5DC0A4821A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*",
              "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*",
              "matchCriteriaId": "95B173E0-1475-4F8D-A982-86F36BE3DD4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73019FE2-F7CE-4B12-9DC1-8333F08A7D9C",
              "versionEndIncluding": "9.0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "B7B42CB6-3C14-4183-AFA8-C3682F8B54AB",
              "versionStartIncluding": "7.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBCAE701-DCF8-4031-A711-218D5ADFAD24",
              "versionEndExcluding": "2.1.22",
              "versionStartIncluding": "2.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "53EC5281-8A0B-45A9-8E05-6709516DDFCD",
              "versionEndExcluding": "2.2.18",
              "versionStartIncluding": "2.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE85F320-9AD4-48CA-AAD6-D3436E132204",
              "versionEndExcluding": "3.0.22",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "291DAFA7-48C8-43D0-A800-FC0337764EB4",
              "versionEndExcluding": "3.11.8",
              "versionStartIncluding": "3.11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:cassandra:4.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "A7B8B2B7-874C-45C7-88B9-CAEF8F12D1EA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EA16E0-9261-45C4-840F-5366E9EAC5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "967EC28A-607F-48F4-AD64-5E3041C768F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1D81A1-CD24-4B17-8AFD-DC95E90AD7D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C81647C-9A53-481D-A54C-36770A093F90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "44B067C7-735E-43C9-9188-7E1522A02491",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6755B6AD-0422-467B-8115-34A60B1D1A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_module_for_legacy:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0257D57-ABF4-49FF-AA59-1B82FAA6D147",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD4EEF7C-CC33-4494-8531-7C0CC28A8823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CBED083-B935-4C47-BBDA-F39D8EA277ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:openstack_cloud:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD6136E8-74DE-48AF-A8AB-B0E93D34870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*",
              "matchCriteriaId": "35BBD83D-BDC7-4678-BE94-639F59281139",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
              "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
              "matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "D41A798E-0D69-43C7-9A63-1E5921138EAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "5A633996-2FD7-467C-BAA6-529E16BD06D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Oracle Java SE 6u113, 7u99 y 8u77; Java SE Embedded 8u77; y JRockit R28.3.9 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a trav\u00e9s de vectores relacionados con JMX."
    }
  ],
  "id": "CVE-2016-3427",
  "lastModified": "2024-11-21T02:49:59.190",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2016-04-21T11:00:21.667",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0650.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0651.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0675.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0676.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0723.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3558"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/08/31/1"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/86421"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1035596"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037331"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2963-1"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2964-1"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2972-1"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2016:1430"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1216"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10159"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r5f48b16573a11fdf0b557cc3d1d71423ecde8ee771c29f32334fa948%40%3Cdev.cassandra.apache.org%3E"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/rc3abf40b06c511d5693baf707d6444bf7745e6a1e343e6f530a12258%40%3Cuser.cassandra.apache.org%3E"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201606-18"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0650.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0651.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0675.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0676.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0677.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0678.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0679.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0723.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3558"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/08/31/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/86421"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1035596"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037331"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2963-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2964-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2972-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2016:1430"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r5f48b16573a11fdf0b557cc3d1d71423ecde8ee771c29f32334fa948%40%3Cdev.cassandra.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/rc3abf40b06c511d5693baf707d6444bf7745e6a1e343e6f530a12258%40%3Cuser.cassandra.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201606-18"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20160420-0001/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-05-05 18:59
Modified
2024-11-21 02:50
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
References
secalert@redhat.comhttp://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLogPatch, Vendor Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2016-0726.htmlThird Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2016/dsa-3580Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2016/05/03/18Mailing List, Third Party Advisory
secalert@redhat.comhttp://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlThird Party Advisory
secalert@redhat.comhttp://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlThird Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/archive/1/538378/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568Third Party Advisory
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2990-1Third Party Advisory
secalert@redhat.comhttps://lists.debian.org/debian-lts-announce/2018/06/msg00009.htmlMailing List, Third Party Advisory
secalert@redhat.comhttps://security.gentoo.org/glsa/201611-21Third Party Advisory
secalert@redhat.comhttps://www.exploit-db.com/exploits/39767/Third Party Advisory, VDB Entry
secalert@redhat.comhttps://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588Vendor Advisory
secalert@redhat.comhttps://www.imagemagick.org/script/changelog.phpRelease Notes
af854a3a-2127-422b-91ae-364da2661108http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLogPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-0726.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2016/dsa-3580Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2016/05/03/18Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/538378/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2990-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/06/msg00009.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201611-21Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/39767/Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.imagemagick.org/script/changelog.phpRelease Notes
Impacted products
Vendor Product Version
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 6.7
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_for_ibm_z_systems 6.0_s390x
redhat enterprise_linux_for_ibm_z_systems 7.0_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 6.7_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 7.2_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 7.3_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 7.4_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 7.5_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 7.6_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 7.7_s390x
redhat enterprise_linux_for_power_big_endian 6.0_ppc64
redhat enterprise_linux_for_power_big_endian 7.0_ppc64
redhat enterprise_linux_for_power_big_endian_eus 6.7_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.2_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.3_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.4_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.5_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.6_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.7_ppc64
redhat enterprise_linux_for_power_little_endian 7.0_ppc64le
redhat enterprise_linux_for_power_little_endian_eus 7.2_ppc64le
redhat enterprise_linux_for_power_little_endian_eus 7.3_ppc64le
redhat enterprise_linux_for_power_little_endian_eus 7.4_ppc64le
redhat enterprise_linux_for_power_little_endian_eus 7.5_ppc64le
redhat enterprise_linux_for_power_little_endian_eus 7.6_ppc64le
redhat enterprise_linux_for_power_little_endian_eus 7.7_ppc64le
redhat enterprise_linux_hpc_node 6.0
redhat enterprise_linux_hpc_node 7.0
redhat enterprise_linux_hpc_node_eus 7.2
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_from_rhui 6.0
redhat enterprise_linux_server_from_rhui 7.0
redhat enterprise_linux_server_supplementary_eus 6.7z
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
imagemagick imagemagick *
imagemagick imagemagick 7.0.0-0
imagemagick imagemagick 7.0.1-0
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 15.10
canonical ubuntu_linux 16.04
oracle linux 6
oracle linux 7
oracle solaris 10
oracle solaris 11.3
suse linux_enterprise_debuginfo 11
suse linux_enterprise_debuginfo 11
suse linux_enterprise_debuginfo 11
suse manager 2.1
suse manager_proxy 2.1
suse openstack_cloud 5
opensuse leap 42.1
opensuse opensuse 13.2
suse linux_enterprise_desktop 12
suse linux_enterprise_desktop 12
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 12
suse linux_enterprise_server 12
suse linux_enterprise_software_development_kit 11
suse linux_enterprise_software_development_kit 12
suse linux_enterprise_software_development_kit 12
suse linux_enterprise_workstation_extension 12
suse linux_enterprise_workstation_extension 12


To clipboard 

{
  "cisaActionDue": "2022-05-03",
  "cisaExploitAdd": "2021-11-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "ImageMagick Server-Side Request Forgery (SSRF) Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "967EC28A-607F-48F4-AD64-5E3041C768F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1D81A1-CD24-4B17-8AFD-DC95E90AD7D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "C84EAAE7-0249-4EA1-B8D3-E039B03ACDC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "2148300C-ECBD-4ED5-A164-79629859DD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:6.7_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "837F0D24-99B3-4093-A45A-53ADB0367FCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.2_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "357FDE3E-2248-4BCD-B726-97C4D92FDCB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.3_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "E420B889-BB89-4B64-B0E0-7E9B8545B959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.4_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "B908AEF5-67CE-42D4-961D-C0E7ADB78ADD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.5_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F8EB695-5EA3-46D2-941E-D7F01AB99A48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.6_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E1DB003-76B8-4D7B-A6ED-5064C3AE1C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.7_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFC68D88-3CD3-4A3D-A01B-E9DBACD9B9CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D8D654F-2442-4EA0-AF89-6AC2CD214772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BCF87FD-9358-42A5-9917-25DF0180A5A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:6.7_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "9835090F-120A-4A53-B4A8-375DD6999167",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.2_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E5B5F9E-D749-45E5-8538-7CED9620C00C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.3_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "188019BF-3700-4B3F-BFA5-553B2B545B7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B8B2E32-B838-4E51-BAA2-764089D2A684",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "4319B943-7B19-468D-A160-5895F7F997A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "39C1ABF5-4070-4AA7-BAB8-4F63E1BD91FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "8036E2AE-4E44-4FA5-AFFB-A3724BFDD654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A584AAA-A14F-4C64-8FED-675DC36F69A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.2_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "D373A806-8A25-4BD4-8511-879D8755C326",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.3_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFE6C909-798B-4B7A-9BD4-6741933DBC1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.4_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9A24D0C-604D-4421-AFA6-5D541DA2E94D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.5_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A2E3637-B6A6-4DA9-8B0A-E91F22130A45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.6_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "F81F859C-DA89-4D1E-91D3-A000AD646203",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.7_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "418488A5-2912-406C-9337-B8E85D0C2B57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "39A901D6-0874-46A4-92A8-5F72C7A89E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AE981D4-0CA1-46FA-8E91-E1A4D5B31383",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F732C7C9-A9CC-4DEF-A8BE-D0F18C944C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.7z:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE561C57-71DE-434A-85BC-1FAAFDCC7058",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6755B6AD-0422-467B-8115-34A60B1D1A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "87477201-64C5-490B-AAE1-23D26F774989",
              "versionEndExcluding": "6.9.3-10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:imagemagick:imagemagick:7.0.0-0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B7CCC6B-C66E-48E2-BA1E-CBF6421B4FEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*",
              "matchCriteriaId": "693C9F8F-A8C1-4D06-8F31-E085E16E701C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
              "matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "44B8FEDF-6CB0-46E9-9AD7-4445B001C158",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "964B57CD-CB8A-4520-B358-1C93EC5EF2DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D5900A25-FDD7-4900-BF7C-F3ECCB714D2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "58D3B6FD-B474-4B09-B644-A8634A629280",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F892F1B0-514C-42F7-90AE-12ACDFDC1033",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD4EEF7C-CC33-4494-8531-7C0CC28A8823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CBED083-B935-4C47-BBDA-F39D8EA277ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:openstack_cloud:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD6136E8-74DE-48AF-A8AB-B0E93D34870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
              "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
              "matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "D41A798E-0D69-43C7-9A63-1E5921138EAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "1831D45A-EE6E-4220-8F8C-248B69520948",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "5A633996-2FD7-467C-BAA6-529E16BD06D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*",
              "matchCriteriaId": "028ABA8F-4E7B-4CD0-B6FC-3A0941E254BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "ED540469-C4DD-485D-9B89-6877B2A74217",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image."
    },
    {
      "lang": "es",
      "value": "Los codificadores (1) HTTP y (2) FTP en ImageMagick en versiones anteriores a 6.9.3-10 y 7.x en versiones anteriores a 7.0.1-1 permiten a atacantes remotos llevar a cabo ataques de falsificaci\u00f3n de peticiones del lado del servidor (SSRF) a trav\u00e9s de una imagen manipulada."
    }
  ],
  "id": "CVE-2016-3718",
  "lastModified": "2024-11-21T02:50:34.107",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-05-05T18:59:08.960",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3580"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/05/03/18"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.440568"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2990-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201611-21"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/39767/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4\u0026t=29588"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://www.imagemagick.org/script/changelog.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3580"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/05/03/18"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.440568"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2990-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201611-21"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/39767/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4\u0026t=29588"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://www.imagemagick.org/script/changelog.php"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-05-24 15:59
Modified
2024-11-21 02:41
Severity ?
5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.
References
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.htmlMailing List, Third Party Advisory
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.htmlMailing List, Third Party Advisory
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.htmlMailing List, Third Party Advisory
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.htmlMailing List, Third Party Advisory
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.htmlMailing List, Third Party Advisory
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.htmlMailing List, Third Party Advisory
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.htmlMailing List, Third Party Advisory
psirt@us.ibm.comhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.htmlMailing List, Third Party Advisory
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2016-0701.htmlThird Party Advisory
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2016-0702.htmlThird Party Advisory
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2016-0708.htmlThird Party Advisory
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2016-0716.htmlThird Party Advisory
psirt@us.ibm.comhttp://rhn.redhat.com/errata/RHSA-2016-1039.htmlThird Party Advisory
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1IV84035Vendor Advisory
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21980826Vendor Advisory
psirt@us.ibm.comhttp://www.securitytracker.com/id/1035953Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://access.redhat.com/errata/RHSA-2016:1430Third Party Advisory
psirt@us.ibm.comhttps://access.redhat.com/errata/RHSA-2017:1216Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-0701.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-0702.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-0708.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-0716.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-1039.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV84035Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21980826Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1035953Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2016:1430Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1216Third Party Advisory
Impacted products
Vendor Product Version
suse linux_enterprise_server 11
suse linux_enterprise_software_development_kit 11
ibm java_sdk *
ibm java_sdk *
ibm java_sdk *
ibm java_sdk *
ibm java_sdk *
redhat satellite 5.6
redhat satellite 5.7
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_hpc_node_supplementary 6.0
redhat enterprise_linux_hpc_node_supplementary 7.0
redhat enterprise_linux_server 5.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_eus 6.7
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_server_eus 7.3
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
suse linux_enterprise_server 10
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 12
suse linux_enterprise_software_development_kit 11
suse linux_enterprise_software_development_kit 12
suse linux_enterprise_software_development_kit 12
suse suse_linux_enterprise_server 12
suse manager 2.1
suse manager_proxy 2.1
suse openstack_cloud 5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "D41A798E-0D69-43C7-9A63-1E5921138EAC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*",
              "matchCriteriaId": "A27846D2-F8BC-4A9B-9B59-E6E71BB869BC",
              "versionEndExcluding": "6.0.16.25",
              "versionStartIncluding": "6.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*",
              "matchCriteriaId": "9F139472-2499-44AF-A466-0043BB83E254",
              "versionEndExcluding": "6.1.8.25",
              "versionStartIncluding": "6.1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*",
              "matchCriteriaId": "A44B197F-40EF-465F-9995-691EA879F121",
              "versionEndExcluding": "7.0.9.40",
              "versionStartIncluding": "7.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*",
              "matchCriteriaId": "626BA0D0-5526-4344-822B-0F5837C43C37",
              "versionEndExcluding": "7.1.3.40",
              "versionStartIncluding": "7.1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:java_sdk:*:*:*:*:technology:*:*:*",
              "matchCriteriaId": "DDBE9092-9478-4899-88D2-95E4EDACB4FD",
              "versionEndExcluding": "8.0.3.0",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EA16E0-9261-45C4-840F-5366E9EAC5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_supplementary:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "585614D3-1DAA-4256-83DE-AFE901154808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_supplementary:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8440BA16-EAC4-4F27-99A4-795295DA6646",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C81647C-9A53-481D-A54C-36770A093F90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "44B067C7-735E-43C9-9188-7E1522A02491",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*",
              "matchCriteriaId": "35BBD83D-BDC7-4678-BE94-639F59281139",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
              "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
              "matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "D41A798E-0D69-43C7-9A63-1E5921138EAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB2A1559-651C-46B0-B436-8E03DC8A60D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "5A633996-2FD7-467C-BAA6-529E16BD06D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C649194-B8C2-49F7-A819-C635EE584ABF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:manager:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD4EEF7C-CC33-4494-8531-7C0CC28A8823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CBED083-B935-4C47-BBDA-F39D8EA277ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:openstack_cloud:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD6136E8-74DE-48AF-A8AB-B0E93D34870C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer en Java Virtual Machine (JVM) en IBM SDK, Java Technology Edition 6 en versiones anteriores a SR16 FP25 (6.0.16.25), 6 R1 en versiones anteriores a SR8 FP25 (6.1.8.25), 7 en versiones anteriores a SR9 FP40 (7.0.9.40), 7 R1 en versiones anteriores a SR3 FP40 (7.1.3.40) y 8 en versiones anteriores a SR3 (8.0.3.0) permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2016-0264",
  "lastModified": "2024-11-21T02:41:22.913",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-05-24T15:59:00.117",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV84035"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980826"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1035953"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2016:1430"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0701.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0702.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0708.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0716.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2016-1039.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV84035"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980826"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1035953"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2016:1430"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:1216"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-07-05 01:59
Modified
2024-11-21 02:53
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.
References
cve@mitre.orghttp://bugs.ntp.org/3046Issue Tracking, Vendor Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://support.ntp.org/bin/view/Main/NtpBug3046Patch, Vendor Advisory
cve@mitre.orghttp://support.ntp.org/bin/view/Main/SecurityNoticeRelease Notes, Vendor Advisory
cve@mitre.orghttp://www.kb.cert.org/vuls/id/321640Third Party Advisory, US Government Resource
cve@mitre.orghttp://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
cve@mitre.orghttp://www.securitytracker.com/id/1036037Third Party Advisory, VDB Entry
cve@mitre.orghttps://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.ascThird Party Advisory
cve@mitre.orghttps://security.gentoo.org/glsa/201607-15Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://bugs.ntp.org/3046Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.ntp.org/bin/view/Main/NtpBug3046Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.ntp.org/bin/view/Main/SecurityNoticeRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/321640Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1036037Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.ascThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201607-15Third Party Advisory
Impacted products
Vendor Product Version
ntp ntp 4.2.8
ntp ntp 4.3.92
oracle solaris 10
oracle solaris 11.3
suse manager_proxy 2.1
suse openstack_cloud 5
novell suse_manager 2.1
opensuse leap 42.1
opensuse opensuse 13.2
suse linux_enterprise_desktop 12
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 12


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
              "matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5DA733E-A2BB-4F72-BE9A-AF1ADD1881A3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "964B57CD-CB8A-4520-B358-1C93EC5EF2DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CBED083-B935-4C47-BBDA-F39D8EA277ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:openstack_cloud:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD6136E8-74DE-48AF-A8AB-B0E93D34870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:novell:suse_manager:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "514646C5-C5D4-487E-8950-B3A2B1DE8EEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
              "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
              "matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547."
    },
    {
      "lang": "es",
      "value": "ntpd en NTP en versiones anteriores a 4.2.8p8 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de un paquete crypto-NAK. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incorrecta para CVE-2016-1547."
    }
  ],
  "id": "CVE-2016-4957",
  "lastModified": "2024-11-21T02:53:18.103",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-07-05T01:59:04.283",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://bugs.ntp.org/3046"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/NtpBug3046"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/321640"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036037"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201607-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://bugs.ntp.org/3046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/NtpBug3046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/321640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201607-15"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-07-05 01:59
Modified
2024-11-21 02:53
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.
References
cve@mitre.orghttp://bugs.ntp.org/3044Issue Tracking, Vendor Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
cve@mitre.orghttp://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html
cve@mitre.orghttp://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html
cve@mitre.orghttp://support.ntp.org/bin/view/Main/NtpBug3044Patch, Vendor Advisory
cve@mitre.orghttp://support.ntp.org/bin/view/Main/SecurityNoticeVendor Advisory
cve@mitre.orghttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd
cve@mitre.orghttp://www.kb.cert.org/vuls/id/321640Third Party Advisory, US Government Resource
cve@mitre.orghttp://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
cve@mitre.orghttp://www.securityfocus.com/archive/1/538599/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/538600/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/540683/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded
cve@mitre.orghttp://www.securitytracker.com/id/1036037Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.ubuntu.com/usn/USN-3096-1
cve@mitre.orghttps://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdfThird Party Advisory
cve@mitre.orghttps://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdfThird Party Advisory
cve@mitre.orghttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03757en_usThird Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/
cve@mitre.orghttps://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.ascThird Party Advisory
cve@mitre.orghttps://security.gentoo.org/glsa/201607-15Third Party Advisory
cve@mitre.orghttps://us-cert.cisa.gov/ics/advisories/icsa-21-103-11Third Party Advisory, US Government Resource
cve@mitre.orghttps://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
cve@mitre.orghttps://www.kb.cert.org/vuls/id/321640
af854a3a-2127-422b-91ae-364da2661108http://bugs.ntp.org/3044Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html
af854a3a-2127-422b-91ae-364da2661108http://support.ntp.org/bin/view/Main/NtpBug3044Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.ntp.org/bin/view/Main/SecurityNoticeVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/321640Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/538599/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/538600/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/540683/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1036037Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-3096-1
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03757en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/
af854a3a-2127-422b-91ae-364da2661108https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.ascThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201607-15Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
af854a3a-2127-422b-91ae-364da2661108https://www.kb.cert.org/vuls/id/321640
Impacted products
Vendor Product Version
ntp ntp *
ntp ntp *
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
oracle solaris 10
oracle solaris 11.3
suse manager 2.1
suse manager_proxy 2.1
suse openstack_cloud 5
opensuse leap 42.1
opensuse opensuse 13.2
suse linux_enterprise_desktop 12
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 12
siemens simatic_net_cp_443-1_opc_ua_firmware *
siemens simatic_net_cp_443-1_opc_ua -
siemens tim_4r-ie_firmware *
siemens tim_4r-ie -
siemens tim_4r-ie_dnp3_firmware *
siemens tim_4r-ie_dnp3 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C240BAAB-8C12-4501-9DC6-FB877304E908",
              "versionEndExcluding": "4.2.8",
              "versionStartIncluding": "4.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "863751A2-A97F-47CD-8D57-6D60E6F3593D",
              "versionEndExcluding": "4.3.93",
              "versionStartIncluding": "4.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
              "matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
              "matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
              "matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
              "matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
              "matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
              "matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
              "matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
              "matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
              "matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*",
              "matchCriteriaId": "75A9AA28-1B20-44BB-815C-7294A53E910E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
              "matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
              "matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "964B57CD-CB8A-4520-B358-1C93EC5EF2DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:manager:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD4EEF7C-CC33-4494-8531-7C0CC28A8823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CBED083-B935-4C47-BBDA-F39D8EA277ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:openstack_cloud:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD6136E8-74DE-48AF-A8AB-B0E93D34870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
              "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
              "matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_net_cp_443-1_opc_ua_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "22EFD09A-3D77-47B0-93FB-50F6C13A2F9A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_net_cp_443-1_opc_ua:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F488810-73E3-4475-975A-C2FCA037E78B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:tim_4r-ie_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0730ED6-676B-4200-BC07-C0B4531B242C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:tim_4r-ie:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B87B16C-9E9F-448B-9255-B2BB2B8CAD63",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:tim_4r-ie_dnp3_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E16E82E3-9A85-41A4-8A33-12AE45A1B584",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:tim_4r-ie_dnp3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE27728D-D37B-43FC-BA8A-0E930DDBD10B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n process_packet en ntp_proto.c en ntpd en NTP 4.x en versiones anteriores a 4.2.8p8 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (modificaci\u00f3n de par variable) enviando paquetes falsificados desde muchas direcciones IP de origen en un determinado escenario, seg\u00fan lo demostrado desencadenando una indicaci\u00f3n de salto incorrecta."
    }
  ],
  "id": "CVE-2016-4954",
  "lastModified": "2024-11-21T02:53:17.350",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-07-05T01:59:01.267",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://bugs.ntp.org/3044"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/NtpBug3044"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/321640"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036037"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-3096-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201607-15"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.kb.cert.org/vuls/id/321640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://bugs.ntp.org/3044"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/NtpBug3044"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/321640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-3096-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201607-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.kb.cert.org/vuls/id/321640"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-04-27 14:15
Modified
2024-11-21 06:55
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
References
cve@mitre.orghttp://wiki.robotz.com/index.php/Linux_CIFS_Utils_and_SambaThird Party Advisory
cve@mitre.orghttps://bugzilla.samba.org/show_bug.cgi?id=15025Issue Tracking, Permissions Required, Vendor Advisory
cve@mitre.orghttps://bugzilla.suse.com/show_bug.cgi?id=1197216Issue Tracking, Patch, Third Party Advisory
cve@mitre.orghttps://github.com/piastry/cifs-utils/pull/7Issue Tracking, Patch, Third Party Advisory
cve@mitre.orghttps://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765Patch, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2022/05/msg00020.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WBOLMANBYJILXQKRRK7OCR774PXJAYY/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXKZLJYJJEC3TIBFLXUORRMZUKG5W676/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIYZ4L6SLSYJQ446VJAO2VGAESURQNSP/
cve@mitre.orghttps://security.gentoo.org/glsa/202311-05
cve@mitre.orghttps://www.debian.org/security/2022/dsa-5157Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://wiki.robotz.com/index.php/Linux_CIFS_Utils_and_SambaThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.samba.org/show_bug.cgi?id=15025Issue Tracking, Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.suse.com/show_bug.cgi?id=1197216Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/piastry/cifs-utils/pull/7Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2022/05/msg00020.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WBOLMANBYJILXQKRRK7OCR774PXJAYY/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXKZLJYJJEC3TIBFLXUORRMZUKG5W676/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIYZ4L6SLSYJQ446VJAO2VGAESURQNSP/
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202311-05
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2022/dsa-5157Third Party Advisory
Impacted products
Vendor Product Version
samba cifs-utils *
debian debian_linux 9.0
debian debian_linux 10.0
debian debian_linux 11.0
suse caas_platform 4.0
suse enterprise_storage 6.0
suse enterprise_storage 7.0
suse linux_enterprise_point_of_service 11.0
suse linux_enterprise_storage 7.1
suse manager_proxy 4.1
suse manager_proxy 4.2
suse manager_proxy 4.3
suse manager_retail_branch_server 4.1
suse manager_retail_branch_server 4.2
suse manager_retail_branch_server 4.3
suse manager_server 4.1
suse manager_server 4.2
suse manager_server 4.3
suse openstack_cloud 8.0
suse openstack_cloud 9.0
suse openstack_cloud_crowbar 8.0
suse openstack_cloud_crowbar 9.0
suse linux_enterprise_desktop 15
suse linux_enterprise_desktop 15
suse linux_enterprise_high_performance_computing 12.0
suse linux_enterprise_high_performance_computing 15.0
suse linux_enterprise_high_performance_computing 15.0
suse linux_enterprise_high_performance_computing 15.0
suse linux_enterprise_high_performance_computing 15.0
suse linux_enterprise_high_performance_computing 15.0
suse linux_enterprise_high_performance_computing 15.0
suse linux_enterprise_high_performance_computing 15.0
suse linux_enterprise_micro 5.2
suse linux_enterprise_micro 5.2
suse linux_enterprise_real_time 15.0
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 12
suse linux_enterprise_server 12
suse linux_enterprise_server 12
suse linux_enterprise_server 12
suse linux_enterprise_server 12
suse linux_enterprise_server 12
suse linux_enterprise_server 12
suse linux_enterprise_server 12
suse linux_enterprise_server 12
suse linux_enterprise_server 15
suse linux_enterprise_server 15
suse linux_enterprise_server 15
suse linux_enterprise_server 15
suse linux_enterprise_server 15
suse linux_enterprise_server 15
suse linux_enterprise_server 15
suse linux_enterprise_server 15
suse linux_enterprise_server 15
suse linux_enterprise_software_development_kit 12
hp helion_openstack 8.0
fedoraproject fedora 34
fedoraproject fedora 35
fedoraproject fedora 36


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:samba:cifs-utils:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A994C1D7-9394-43A0-976B-246980F5E77E",
              "versionEndExcluding": "6.15",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:caas_platform:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AB27A2D-549C-450E-A09E-B3316895F052",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:enterprise_storage:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B20D44D-F87E-4692-8E04-695683F1ECE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:enterprise_storage:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7305944-AC9C-47A3-AADF-71A8B24830D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_point_of_service:11.0:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "694479D9-16C8-4B60-A4D3-975D9E0A7F53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_storage:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B264EB20-49EA-4819-A92B-0748AEFFAC68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager_proxy:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9910C73A-3BCD-4F56-8C7D-79CB289640A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager_proxy:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0156BFA-9E83-43E6-9C73-9711AD054B5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager_proxy:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAC2D0A4-56F8-4ED6-91E2-78434A016C5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager_retail_branch_server:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "450A3B3F-F26D-4EAB-BF5D-4C906C4A99DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager_retail_branch_server:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD5BDD59-5008-4DDC-B805-BB6B7DE8E1A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager_retail_branch_server:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A69D3CCD-6590-46EF-9D3F-E903AB78E3BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager_server:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5810E98-7BF5-42E2-9DE9-661049ABE367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager_server:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E46DEFD-659D-4D8F-BCD8-6B8A022F8FB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager_server:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1532304-0EA2-4816-B481-C87C7386DC88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:openstack_cloud:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C3BEB21-4080-4258-B95C-562D717AED0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:openstack_cloud:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83F8A7D8-FD3E-4C36-AB2A-A61449BF38C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:openstack_cloud_crowbar:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1675CBE5-44D3-4326-AE8B-EEB9E25D783A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:openstack_cloud_crowbar:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B631400C-0A5A-45A3-9DFA-B419E83D324E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:15:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "ACB76FF0-B939-42E9-842B-171E929F317D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:15:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F648F64B-C3F2-4B14-906D-E48345303F0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:12.0:sp5:*:*:-:*:*:*",
              "matchCriteriaId": "F8C8AD43-557D-4285-BA46-9C5785F53229",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:-:*:*:ltss:*:*:*",
              "matchCriteriaId": "6CFA8943-A151-4E16-962D-75F1CB0C3C41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp1:*:*:espos:*:*:*",
              "matchCriteriaId": "89C89474-3F7A-499E-8E7C-25952584A68C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp1:*:*:ltss:*:*:*",
              "matchCriteriaId": "CA2E84A0-A9ED-411B-9963-647D8A95D3D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:espos:*:*:*",
              "matchCriteriaId": "455B5F70-FDA0-4AE3-9C62-F0BC8E6C3D85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:ltss:*:*:*",
              "matchCriteriaId": "A0E17861-F7C2-479B-B687-42419ADED014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp3:*:*:-:*:*:*",
              "matchCriteriaId": "75A0B727-33A9-416B-9E83-5103ABE856B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp4:*:*:-:*:*:*",
              "matchCriteriaId": "D0E679A3-3EAC-4603-BD89-E04EE26845B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_micro:5.2:*:*:*:*:-:*:*",
              "matchCriteriaId": "EACDFD9B-C423-4FD1-B9AA-0D6D7D93CB36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_micro:5.2:*:*:*:*:rancher:*:*",
              "matchCriteriaId": "825D86FE-87DA-4389-8097-D7CF34718CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "4B0AC584-5E26-4ACE-BC19-9E69A302F238",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*",
              "matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:ltss:*:*:*",
              "matchCriteriaId": "7B84C8D3-0B59-40DC-881D-D016A422E8CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:business_critical_linux:-:*:*",
              "matchCriteriaId": "93A9AC01-6C1F-4025-BD7C-E02C4E3D0CD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:*:sap:*:*",
              "matchCriteriaId": "16729D9C-DC05-41BD-9B32-682983190CE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:business_critical_linux:-:*:*",
              "matchCriteriaId": "EA9DC756-8E39-4AB6-B9D4-2A4100FF8D04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:espos:*:*:*",
              "matchCriteriaId": "77F1991E-E0D6-4BDE-BDF0-D34D6E67AAD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp3:*:*:ltss:*:*:*",
              "matchCriteriaId": "C6622CD4-DF4B-4064-BAEB-5E382C4B05C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:-:sap:*:*",
              "matchCriteriaId": "E279968E-C62B-4888-899A-2BF57E8F8692",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:espos:*:*:*",
              "matchCriteriaId": "65709414-EAE0-4EA7-9C5F-EBDA80FF2A9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:ltss:*:*:*",
              "matchCriteriaId": "7E05EE7E-993C-4107-9A15-EBE0D2268239",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:*:sap:*:*",
              "matchCriteriaId": "471E110C-10CC-4C36-BDE1-BBB27EF5C6EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:*:*:*:*:sap:*:*",
              "matchCriteriaId": "C665A768-DBDA-4197-9159-A2791E98A84F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:-:*:*:espos:*:*:*",
              "matchCriteriaId": "88FFABAC-A728-4172-9A1E-2B84E82219D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:-:*:*:ltss:*:*:*",
              "matchCriteriaId": "B1065E14-69B3-4643-ACF7-3C14BF07C783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:sp1:*:*:business_critical_linux:-:*:*",
              "matchCriteriaId": "26FDBC27-D993-4A93-BC70-753FA21F4C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:sp1:*:*:ltss:*:*:*",
              "matchCriteriaId": "55A521F2-51C3-4356-A8D6-BD5A1BD60C85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:business_critical_linux:-:*:*",
              "matchCriteriaId": "A256B5D1-49D2-4363-AAD6-30FD32F0D132",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:ltss:*:*:*",
              "matchCriteriaId": "6E1420DB-3DF2-4A95-B703-913D67727295",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "6C2EACE6-C127-4B13-8002-8EEBEE8D549B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "72FDB554-E771-42DA-8B9E-DB5CB545A660",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "6C734CEC-64F2-4129-B52E-C81884B3AC9A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:helion_openstack:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "541BB602-443D-4D8E-A46F-5EC4A9702E17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges."
    },
    {
      "lang": "es",
      "value": "En cifs-utils versiones hasta 6.14, un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria cuando es analizado el argumento de l\u00ednea de comandos mount.cifs ip= podr\u00eda conllevar a que atacantes locales obtuvieran privilegios de root"
    }
  ],
  "id": "CVE-2022-27239",
  "lastModified": "2024-11-21T06:55:28.487",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-27T14:15:09.203",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://wiki.robotz.com/index.php/Linux_CIFS_Utils_and_Samba"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.samba.org/show_bug.cgi?id=15025"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1197216"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/piastry/cifs-utils/pull/7"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00020.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WBOLMANBYJILXQKRRK7OCR774PXJAYY/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXKZLJYJJEC3TIBFLXUORRMZUKG5W676/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIYZ4L6SLSYJQ446VJAO2VGAESURQNSP/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202311-05"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5157"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://wiki.robotz.com/index.php/Linux_CIFS_Utils_and_Samba"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.samba.org/show_bug.cgi?id=15025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1197216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/piastry/cifs-utils/pull/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/piastry/cifs-utils/pull/7/commits/955fb147e97a6a74e1aaa65766de91e2c1479765"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WBOLMANBYJILXQKRRK7OCR774PXJAYY/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXKZLJYJJEC3TIBFLXUORRMZUKG5W676/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIYZ4L6SLSYJQ446VJAO2VGAESURQNSP/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202311-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5157"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-01-28 20:15
Modified
2024-11-21 06:36
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
References
secalert@redhat.comhttp://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.htmlExploit, Third Party Advisory, VDB Entry
secalert@redhat.comhttp://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.htmlThird Party Advisory, VDB Entry
secalert@redhat.comhttps://access.redhat.com/security/vulnerabilities/RHSB-2022-001Mitigation, Vendor Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2025869Issue Tracking, Patch
secalert@redhat.comhttps://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdfThird Party Advisory
secalert@redhat.comhttps://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683Patch
secalert@redhat.comhttps://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
secalert@redhat.comhttps://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txtExploit, Mitigation, Third Party Advisory
secalert@redhat.comhttps://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/Exploit, Third Party Advisory
secalert@redhat.comhttps://www.starwindsoftware.com/security/sw-20220818-0001/Third Party Advisory
secalert@redhat.comhttps://www.suse.com/support/kb/doc/?id=000020564Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/security/vulnerabilities/RHSB-2022-001Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=2025869Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683Patch
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txtExploit, Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.starwindsoftware.com/security/sw-20220818-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.suse.com/support/kb/doc/?id=000020564Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.vicarius.io/vsociety/posts/pwnkit-pkexec-lpe-cve-2021-4034
Impacted products
Vendor Product Version
polkit_project polkit *
redhat enterprise_linux_server_update_services_for_sap_solutions 7.6
redhat enterprise_linux_server_update_services_for_sap_solutions 7.7
redhat enterprise_linux 8.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_for_ibm_z_systems 7.0
redhat enterprise_linux_for_ibm_z_systems 8.0
redhat enterprise_linux_for_ibm_z_systems_eus 8.2
redhat enterprise_linux_for_ibm_z_systems_eus 8.4
redhat enterprise_linux_for_power_big_endian 7.0
redhat enterprise_linux_for_power_little_endian 7.0
redhat enterprise_linux_for_power_little_endian 8.0
redhat enterprise_linux_for_power_little_endian_eus 8.1
redhat enterprise_linux_for_power_little_endian_eus 8.2
redhat enterprise_linux_for_power_little_endian_eus 8.4
redhat enterprise_linux_for_scientific_computing 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_server_eus 8.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_server_update_services_for_sap_solutions 8.1
redhat enterprise_linux_server_update_services_for_sap_solutions 8.2
redhat enterprise_linux_server_update_services_for_sap_solutions 8.4
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 20.04
canonical ubuntu_linux 21.10
suse enterprise_storage 7.0
suse linux_enterprise_high_performance_computing 15.0
suse manager_proxy 4.1
suse manager_server 4.1
suse linux_enterprise_desktop 15
suse linux_enterprise_server 15
suse linux_enterprise_server 15
suse linux_enterprise_workstation_extension 12
oracle http_server 12.2.1.3.0
oracle http_server 12.2.1.4.0
oracle zfs_storage_appliance_kit 8.8
siemens sinumerik_edge *
siemens scalance_lpe9403_firmware *
siemens scalance_lpe9403 -
starwindsoftware command_center 1.0
starwindsoftware starwind_virtual_san v8


To clipboard 

{
  "cisaActionDue": "2022-07-18",
  "cisaExploitAdd": "2022-06-27",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Red Hat Polkit Out-of-Bounds Read and Write Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F01D94C9-1E04-413B-8636-1AAC6D9E84D6",
              "versionEndExcluding": "121",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB70A2F8-EAB3-4898-9353-F679FF721C82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB3AC848-C2D0-4878-8619-F5815173555D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "566507B6-AC95-47F7-A3FB-C6F414E45F51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "87C21FE1-EA5C-498F-9C6C-D05F91A88217",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AB105EC-19F9-424A-86F1-305A6FD74A9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C9BD9AE-46FC-4609-8D99-A3CFE91D58D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CDCFF34-6F1D-45A1-BE37-6A0E17B04801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4A684C7-88FD-43C4-9BDB-AE337FCBD0AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "47811209-5CE5-4375-8391-B0A7F6A0E420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EB6F417-25D0-4A28-B7BA-D21929EAA9E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5C80DB2-4A78-4EC9-B2A8-1E4D902C4834",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "983533DD-3970-4A37-9A9C-582BD48AA1E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "37CE1DC7-72C5-483C-8921-0B462C8284D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "61917784-47F1-4328-BA1F-A88C5E23496B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "48C2E003-A71C-4D06-B8B3-F93160568182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3921C1CF-A16D-4727-99AD-03EFFA7C91CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC6DD887-9744-43EA-8B3C-44C6B6339590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE4D2D0-CEEB-416F-8BC5-A7987DF56190",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:enterprise_storage:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7305944-AC9C-47A3-AADF-71A8B24830D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:-:*:*:*",
              "matchCriteriaId": "CDFEA8DC-7D78-4ACD-A95C-9408F45EEAE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager_proxy:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9910C73A-3BCD-4F56-8C7D-79CB289640A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager_server:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5810E98-7BF5-42E2-9DE9-661049ABE367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:15:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "8C4F62C0-4188-433A-8292-559025CA23C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:-:*:*",
              "matchCriteriaId": "07D416C5-4A0F-4EF3-A3DE-A028AAA4F739",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:sap:*:*",
              "matchCriteriaId": "F6C1736B-0505-4C19-98B7-90C8359F3BCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "243B9B56-C744-4C1C-B42E-158C1B041B6A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:sinumerik_edge:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D069EA07-88A5-4058-A2BC-44F94D9ACC9A",
              "versionEndExcluding": "3.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FC41AD4-69E5-48D8-8216-671F485C3C40",
              "versionEndExcluding": "2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "52A77C9D-E59C-4397-B834-797D7B334A6B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:starwindsoftware:command_center:1.0:update3_build5871:*:*:*:*:*:*",
              "matchCriteriaId": "B323EF31-7A67-4458-8323-86F8AA58268C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14338:*:*:*:*:*:*",
              "matchCriteriaId": "14AF427F-BC75-40C7-9579-34A74E2E475D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A local privilege escalation vulnerability was found on polkit\u0027s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn\u0027t handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it\u0027ll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una vulnerabilidad de escalada de privilegios local en la utilidad pkexec de polkit. La aplicaci\u00f3n pkexec es una herramienta setuid dise\u00f1ada para permitir a usuarios sin privilegios ejecutar comandos como usuarios privilegiados de acuerdo con pol\u00edticas predefinidas. La versi\u00f3n actual de pkexec no maneja correctamente el recuento de par\u00e1metros de llamada y termina intentando ejecutar variables de entorno como comandos. Un atacante puede aprovechar esto creando variables de entorno de tal manera que induzcan a pkexec a ejecutar c\u00f3digo arbitrario. Cuando se ejecuta con \u00e9xito, el ataque puede provocar una escalada de privilegios locales otorgando a los usuarios sin privilegios derechos administrativos en la m\u00e1quina de destino."
    }
  ],
  "id": "CVE-2021-4034",
  "lastModified": "2024-11-21T06:36:45.880",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-01-28T20:15:12.193",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.starwindsoftware.com/security/sw-20220818-0001/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.suse.com/support/kb/doc/?id=000020564"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.starwindsoftware.com/security/sw-20220818-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.suse.com/support/kb/doc/?id=000020564"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.vicarius.io/vsociety/posts/pwnkit-pkexec-lpe-cve-2021-4034"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        },
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-07-05 01:59
Modified
2024-11-21 02:53
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.
References
cve@mitre.orghttp://bugs.ntp.org/3042Issue Tracking, Vendor Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
cve@mitre.orghttp://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html
cve@mitre.orghttp://support.ntp.org/bin/view/Main/NtpBug3042Vendor Advisory
cve@mitre.orghttp://support.ntp.org/bin/view/Main/SecurityNoticeRelease Notes, Vendor Advisory
cve@mitre.orghttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd
cve@mitre.orghttp://www.kb.cert.org/vuls/id/321640Third Party Advisory, US Government Resource
cve@mitre.orghttp://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
cve@mitre.orghttp://www.securityfocus.com/archive/1/538599/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/538600/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/540683/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/91009Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.securitytracker.com/id/1036037Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.ubuntu.com/usn/USN-3096-1
cve@mitre.orghttps://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdfThird Party Advisory
cve@mitre.orghttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03757en_usThird Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/
cve@mitre.orghttps://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.ascThird Party Advisory
cve@mitre.orghttps://security.gentoo.org/glsa/201607-15Third Party Advisory
cve@mitre.orghttps://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
cve@mitre.orghttps://www.kb.cert.org/vuls/id/321640
af854a3a-2127-422b-91ae-364da2661108http://bugs.ntp.org/3042Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html
af854a3a-2127-422b-91ae-364da2661108http://support.ntp.org/bin/view/Main/NtpBug3042Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.ntp.org/bin/view/Main/SecurityNoticeRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/321640Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/538599/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/538600/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/540683/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/91009Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1036037Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-3096-1
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03757en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/
af854a3a-2127-422b-91ae-364da2661108https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.ascThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201607-15Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
af854a3a-2127-422b-91ae-364da2661108https://www.kb.cert.org/vuls/id/321640
Impacted products
Vendor Product Version
ntp ntp *
ntp ntp *
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
ntp ntp 4.2.8
oracle solaris 10
oracle solaris 11.3
suse manager_proxy 2.1
suse openstack_cloud 5
novell suse_manager 2.1
opensuse leap 42.1
opensuse opensuse 13.2
suse linux_enterprise_desktop 12
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 11
suse linux_enterprise_server 12
siemens simatic_net_cp_443-1_opc_ua_firmware *
siemens simatic_net_cp_443-1_opc_ua -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C240BAAB-8C12-4501-9DC6-FB877304E908",
              "versionEndExcluding": "4.2.8",
              "versionStartIncluding": "4.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "863751A2-A97F-47CD-8D57-6D60E6F3593D",
              "versionEndExcluding": "4.3.93",
              "versionStartIncluding": "4.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
              "matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
              "matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
              "matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
              "matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
              "matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
              "matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
              "matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
              "matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
              "matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
              "matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*",
              "matchCriteriaId": "75A9AA28-1B20-44BB-815C-7294A53E910E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
              "matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
              "matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "964B57CD-CB8A-4520-B358-1C93EC5EF2DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CBED083-B935-4C47-BBDA-F39D8EA277ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:openstack_cloud:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD6136E8-74DE-48AF-A8AB-B0E93D34870C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:novell:suse_manager:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "514646C5-C5D4-487E-8950-B3A2B1DE8EEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
              "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
              "matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_net_cp_443-1_opc_ua_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "22EFD09A-3D77-47B0-93FB-50F6C13A2F9A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_net_cp_443-1_opc_ua:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F488810-73E3-4475-975A-C2FCA037E78B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548."
    },
    {
      "lang": "es",
      "value": "ntpd en NTP 4.x en versiones anteriores a 4.2.8p8 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (transici\u00f3n de modo intercalado y cambio de hora) a trav\u00e9s de un paquete de difusi\u00f3n manipulado. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2016-1548."
    }
  ],
  "id": "CVE-2016-4956",
  "lastModified": "2024-11-21T02:53:17.840",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-07-05T01:59:03.283",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://bugs.ntp.org/3042"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/NtpBug3042"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/321640"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/91009"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036037"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-3096-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201607-15"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.kb.cert.org/vuls/id/321640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "http://bugs.ntp.org/3042"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/NtpBug3042"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/321640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/91009"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-3096-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201607-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.kb.cert.org/vuls/id/321640"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}