CVE-2013-5211

Vulnerability from cvelistv5

Published

2014-01-02 11:00

Modified

2024-08-06 17:06

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc	Third Party Advisory
cve@mitre.org	http://bugs.ntp.org/show_bug.cgi?id=1532	Issue Tracking
cve@mitre.org	http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04	Third Party Advisory, US Government Resource
cve@mitre.org	http://lists.ntp.org/pipermail/pool/2011-December/005616.html	Broken Link
cve@mitre.org	http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html	Third Party Advisory
cve@mitre.org	http://marc.info/?l=bugtraq&m=138971294629419&w=2	Mailing List
cve@mitre.org	http://marc.info/?l=bugtraq&m=144182594518755&w=2	Mailing List, Third Party Advisory
cve@mitre.org	http://openwall.com/lists/oss-security/2013/12/30/6	Mailing List
cve@mitre.org	http://openwall.com/lists/oss-security/2013/12/30/7	Mailing List
cve@mitre.org	http://secunia.com/advisories/59288	Not Applicable
cve@mitre.org	http://secunia.com/advisories/59726	Not Applicable
cve@mitre.org	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861	Broken Link
cve@mitre.org	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892	Broken Link
cve@mitre.org	http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz	Patch
cve@mitre.org	http://www.kb.cert.org/vuls/id/348126	Third Party Advisory, US Government Resource
cve@mitre.org	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/bid/64692	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id/1030433	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.us-cert.gov/ncas/alerts/TA14-013A	Third Party Advisory, US Government Resource
cve@mitre.org	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232	Third Party Advisory
cve@mitre.org	https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory	Broken Link

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:06:52.374Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "59288",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59288"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
          },
          {
            "name": "openSUSE-SU-2014:1149",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "HPSBUX02960",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
          },
          {
            "name": "TA14-013A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/ncas/alerts/TA14-013A"
          },
          {
            "name": "64692",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/64692"
          },
          {
            "name": "VU#348126",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/348126"
          },
          {
            "name": "HPSBOV03505",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
          },
          {
            "name": "[oss-security] 20131230 CVE to the ntp monlist DDoS issue?",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2013/12/30/6"
          },
          {
            "name": "59726",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59726"
          },
          {
            "name": "1030433",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030433"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861"
          },
          {
            "name": "[pool] 20111210 Odd surge in traffic today",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.ntp.org/pipermail/pool/2011-December/005616.html"
          },
          {
            "name": "[oss-security] 20131230 Re: CVE to the ntp monlist DDoS issue?",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2013/12/30/7"
          },
          {
            "name": "SSRT101419",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.ntp.org/show_bug.cgi?id=1532"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-12-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-08T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "59288",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59288"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
        },
        {
          "name": "openSUSE-SU-2014:1149",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "HPSBUX02960",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
        },
        {
          "name": "TA14-013A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/ncas/alerts/TA14-013A"
        },
        {
          "name": "64692",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/64692"
        },
        {
          "name": "VU#348126",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/348126"
        },
        {
          "name": "HPSBOV03505",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
        },
        {
          "name": "[oss-security] 20131230 CVE to the ntp monlist DDoS issue?",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2013/12/30/6"
        },
        {
          "name": "59726",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59726"
        },
        {
          "name": "1030433",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030433"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861"
        },
        {
          "name": "[pool] 20111210 Odd surge in traffic today",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.ntp.org/pipermail/pool/2011-December/005616.html"
        },
        {
          "name": "[oss-security] 20131230 Re: CVE to the ntp monlist DDoS issue?",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2013/12/30/7"
        },
        {
          "name": "SSRT101419",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.ntp.org/show_bug.cgi?id=1532"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-5211",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "59288",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59288"
            },
            {
              "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232",
              "refsource": "CONFIRM",
              "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
            },
            {
              "name": "openSUSE-SU-2014:1149",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "HPSBUX02960",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
            },
            {
              "name": "TA14-013A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/ncas/alerts/TA14-013A"
            },
            {
              "name": "64692",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/64692"
            },
            {
              "name": "VU#348126",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/348126"
            },
            {
              "name": "HPSBOV03505",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
            },
            {
              "name": "[oss-security] 20131230 CVE to the ntp monlist DDoS issue?",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2013/12/30/6"
            },
            {
              "name": "59726",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59726"
            },
            {
              "name": "1030433",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030433"
            },
            {
              "name": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz",
              "refsource": "CONFIRM",
              "url": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz"
            },
            {
              "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04",
              "refsource": "MISC",
              "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc",
              "refsource": "CONFIRM",
              "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861",
              "refsource": "CONFIRM",
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861"
            },
            {
              "name": "[pool] 20111210 Odd surge in traffic today",
              "refsource": "MLIST",
              "url": "http://lists.ntp.org/pipermail/pool/2011-December/005616.html"
            },
            {
              "name": "[oss-security] 20131230 Re: CVE to the ntp monlist DDoS issue?",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2013/12/30/7"
            },
            {
              "name": "SSRT101419",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892",
              "refsource": "CONFIRM",
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892"
            },
            {
              "name": "http://bugs.ntp.org/show_bug.cgi?id=1532",
              "refsource": "CONFIRM",
              "url": "http://bugs.ntp.org/show_bug.cgi?id=1532"
            },
            {
              "name": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory",
              "refsource": "CONFIRM",
              "url": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-5211",
    "datePublished": "2014-01-02T11:00:00",
    "dateReserved": "2013-08-15T00:00:00",
    "dateUpdated": "2024-08-06T17:06:52.374Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-5211\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2014-01-02T14:59:03.470\",\"lastModified\":\"2023-11-01T12:51:55.707\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.\"},{\"lang\":\"es\",\"value\":\"La caracter\u00edstica monlist en ntp_request.c en ntpd en NTP antes 4.2.7p26 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (amplificaci\u00f3n de tr\u00e1fico) a trav\u00e9s de solicitudes (1) REQ_MON_GETLIST o (2) solicitudes REQ_MON_GETLIST_1, como han sido explotados en diciembre de 2013.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE554781-1EB9-446E-911F-6C11970C47F4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.2.7\",\"matchCriteriaId\":\"1CC55810-13AD-49D2-AFE5-A95F00824915\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.7:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CAC15F6-514F-4BED-A2A5-E89F4349D8AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.7:p0:*:*:*:*:*:*\",\"matchCriteriaId\":\"B481C553-B73E-4DA2-9D5E-3774FF846590\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.7:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AFDFCA1-0D59-4973-ACFE-CB75BD934154\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.7:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"A04F57D2-2D27-4FBF-8530-2AC3FB744E7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.7:p11:*:*:*:*:*:*\",\"matchCriteriaId\":\"518C32C8-0558-46A1-8532-90DBA1616221\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.7:p12:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E43BA6C-4FAE-4B96-90D3-E212BD21233D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.7:p13:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D4E0EEC-92AD-43B2-8539-921AAA0BAF8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.7:p14:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EC4F7DB-7769-4F81-B301-C973D0EB2E01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.7:p15:*:*:*:*:*:*\",\"matchCriteriaId\":\"3862A517-5302-4CC5-A553-E8ED8F408984\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.7:p16:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E23550B-55D9-4D2A-868C-1F2E5833FFD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.7:p17:*:*:*:*:*:*\",\"matchCriteriaId\":\"703DD909-3E63-46AF-BDBD-DB99035D17C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.7:p18:*:*:*:*:*:*\",\"matchCriteriaId\":\"9307FD4B-AF64-476B-A238-1C8C9E8D7938\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.7:p19:*:*:*:*:*:*\",\"matchCriteriaId\":\"19D2387E-78A0-42BD-B33E-5CE2858888DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.7:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF76B320-FE22-4528-9189-982909B67EA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.7:p20:*:*:*:*:*:*\",\"matchCriteriaId\":\"4212F77B-AD87-47CE-972E-ADDF3E0A855C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.7:p21:*:*:*:*:*:*\",\"matchCriteriaId\":\"26DC7E1A-9F45-4F71-8EBE-8C4811757511\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.7:p22:*:*:*:*:*:*\",\"matchCriteriaId\":\"93AEBFB8-C063-4862-ADA5-32C8AD6A215D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.7:p23:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD38DF5B-0FE3-46B0-9313-0BEDB2FB85BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.7:p24:*:*:*:*:*:*\",\"matchCriteriaId\":\"19B1C33A-80DD-4942-81A3-5A91B77B902D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.7:p25:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE315238-7191-4A2E-A3C6-2162BE589C78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.7:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"5453B367-AF6E-49F1-A448-EEC9BD30F774\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.7:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0040B79-5D07-4BEA-8861-8D827FB31735\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.7:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"D00C1A08-1AFF-4AED-9F32-6F7400E24427\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.7:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"6478C98A-FC07-457D-996D-53B9361B52D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.7:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1D01BD4-27BF-49BD-9305-F26E0EC778AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.7:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4E82220-4E07-41B0-952A-9C0CC0973D60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.7:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"38F02F01-569A-445D-A954-D9369E0B8850\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7B037A8-72A6-4DFF-94B2-D688A5F6F876\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"44B8FEDF-6CB0-46E9-9AD7-4445B001C158\"}]}]}],\"references\":[{\"url\":\"http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://bugs.ntp.org/show_bug.cgi?id=1532\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://lists.ntp.org/pipermail/pool/2011-December/005616.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://openwall.com/lists/oss-security/2013/12/30/6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://openwall.com/lists/oss-security/2013/12/30/7\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://secunia.com/advisories/59288\",\"source\":\"cve@mitre.org\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://secunia.com/advisories/59726\",\"source\":\"cve@mitre.org\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/348126\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/64692\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1030433\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.us-cert.gov/ncas/alerts/TA14-013A\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]}]}}"
  }
}

ghsa-2q29-vhpq-hpv3

Vulnerability from github

Published

2022-05-14 02:11

Modified

2022-05-14 02:11

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-5211"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-01-02T14:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.",
  "id": "GHSA-2q29-vhpq-hpv3",
  "modified": "2022-05-14T02:11:38Z",
  "published": "2022-05-14T02:11:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5211"
    },
    {
      "type": "WEB",
      "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
    },
    {
      "type": "WEB",
      "url": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory"
    },
    {
      "type": "WEB",
      "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc"
    },
    {
      "type": "WEB",
      "url": "http://bugs.ntp.org/show_bug.cgi?id=1532"
    },
    {
      "type": "WEB",
      "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04"
    },
    {
      "type": "WEB",
      "url": "http://lists.ntp.org/pipermail/pool/2011-December/005616.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2013/12/30/6"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2013/12/30/7"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59288"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59726"
    },
    {
      "type": "WEB",
      "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861"
    },
    {
      "type": "WEB",
      "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892"
    },
    {
      "type": "WEB",
      "url": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/348126"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/64692"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1030433"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/ncas/alerts/TA14-013A"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. UDP protocols such as NTP can be abused to amplify denial-of-service attack traffic. Servers running the network time protocol (NTP) based on implementations of ntpd prior to version 4.2.7p26 that use the default unrestricted query configuration are susceptible to a reflected denial-of-service (DRDoS) attack. Other proprietary NTP implementations may also be affected. Multiple broadband routers contain an issue where they may behave as open resolvers. A device that runs as a DNS cache server, which responds to any recursive DNS queries that are received is referred to as an open resolver. Multiple broadband routers may contain an issue where they may behave as open resolvers. This issue was confirmed by JPCERT/CC and IPA that it affected multiple developers and was coordinated by JPCERT/CC. In addition, Yasuhiro Orange Morishita of Japan Registry Services Co., Ltd. (JPRS) reported this vulnerability to JPCERT/CC under the Information Security Early Warning Partnership.The device may be used in a DNS amplification attack and unknowingly become a part of a DDoS attack. NTP is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the affected application to crash, denying service to legitimate users. The net-misc/ntp package contains the official reference implementation by the NTP Project.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-misc/ntp < 4.2.6_p5-r10 >= 4.2.6_p5-r10

Description

ntpd is susceptible to a reflected Denial of Service attack. Please review the CVE identifiers and references below for details.

Workaround

We modified the default ntp configuration in =net-misc/ntp-4.2.6_p5-r10 and added "noquery" to the default restriction which disallows anyone to query the ntpd status, including "monlist".

If you use a non-default configuration, and provide a ntp service to untrusted networks, we highly recommend you to revise your configuration to disable mode 6 and 7 queries for any untrusted (public) network.

You can always enable these queries for specific trusted networks. For more details please see the "Access Control Support" chapter in the ntp.conf(5) man page.

Resolution

All NTP users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.6_p5-r10"

Note that the updated package contains a modified default configuration only.

References

[ 1 ] CVE-2013-5211 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5211 [ 2 ] VU#348126 http://www.kb.cert.org/vuls/id/348126

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201401-08.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

National Cyber Awareness System TA13-088A: DNS Amplification Attacks

Original release date: March 29, 2013

Systems Affected

Domain Name System (DNS) servers

Overview

Description

A Domain Name Server (DNS) Amplification attack is a popular form of Distributed Denial of Service (DDoS) that relies on the use of publically accessible open recursive DNS servers to overwhelm a victim system with DNS response traffic. The basic attack technique consists of an attacker sending a DNS name lookup request to an open recursive DNS server with the source address spoofed to be the victims address. When the DNS server sends the DNS record response, it is sent instead to the victim. Because the size of the response is typically considerably larger than the request, the attacker is able to amplify the volume of traffic directed at the victim. By leveraging a botnet to perform additional spoofed DNS queries, an attacker can produce an overwhelming amount of traffic with little effort. Additionally, because the responses are legitimate data coming from valid servers, it is especially difficult to block these types of attacks.

While the attacks are difficult to prevent, network operators can implement several possible mitigation strategies. The primary element in the attack that is the focus of an effective long-term solution is the detection and elimination of open recursive DNS resolvers. These systems are typically legitimate DNS servers that have been improperly configured to respond to recursive queries on behalf of any system, rather than restricting recursive responses only to requests from local or authorized clients. By identifying these systems, an organization or network operator can reduce the number of potential resources that the attacker can employ in an attack.

Impact

A misconfigured Domain Name System (DNS) server can be exploited to participate in a Distributed Denial of Service (DDoS) attack.

Solution

DETECTION

Several organizations offer free, web-based scanning tools that will search a network for vulnerable open DNS resolvers. These tools will scan entire network ranges and list the address of any identified open resolvers. The query interface allows network administrators to enter IP ranges in CIDR format [1].

The Measurement Factory http://dns.measurement-factory.com Like the Open DNS Resolver Project, the Measurement Factory maintains a list of Internet accessible DNS servers and allows administrators to search for open recursive resolvers [2]. In addition, the Measurement Factory offers a free tool to directly test an individual DNS resolver to determine if it allows open recursion. This will allow an administrator to determine if configuration changes are necessary and verify that configuration changes have been effective [3]. Finally, the site offers statistics showing the number of open resolvers detected on the various Autonomous System (AS) networks, sorted by the highest number found [4].

DNSInspect http://www.dnsinspect.com Another freely available, web-based tool for testing DNS resolvers is DNSInspect. This site is similar to The Measurement Factorys ability to test a specific resolver for vulnerability, but offers the ability to test an entire DNS Zone for several other potential configuration and security issues [5].

Indicators

In a typical recursive DNS query, a client sends a query request to a local DNS server requesting the resolution of a name or the reverse resolution of an IP address. The DNS server performs the necessary queries on behalf of the client and returns a response packet with the requested information or an error [6, page 21]. The specification does not allow for unsolicited responses. In a DNS amplification attack, the key indicator is a query response without a matching request.

MITIGATION

Unfortunately, due to the overwhelming traffic volume that can be produced by one of these attacks, there is often little that the victim can do to counter a large-scale DNS amplification-based distributed denial-of-service attack. While the only effective means of eliminating this type of attack is to eliminate open recursive resolvers, this requires a large-scale effort by numerous parties. According to the Open DNS Resolver Project, of the 27 million known DNS resolvers on the Internet, approximately 25 million pose a significant threat of being used in an attack [1]. However, several possible techniques are available to reduce the overall effectiveness of such attacks to the Internet community as a whole. Where possible, configuration links have been provided to assist administrators with making the recommended changes. The configuration information has been limited to BIND9 and Microsofts DNS Server, which are two widely deployed DNS servers. If you are running a different DNS server, please see your vendors documentation for configuration details.

Source IP Verification

Because the DNS queries being sent by the attacker-controlled clients must have a source address spoofed to appear as the victims system, the first step to reducing the effectiveness of DNS amplification is for Internet Service Providers to deny any DNS traffic with spoofed addresses. The Network Working Group of the Internet Engineering Task Force released a Best Current Practice document in May 2000 that describes how an Internet Service Provider can filter network traffic on their network to drop packets with source addresses not reachable via the actual packets path [7]. This configuration change would considerably reduce the potential for most current types of DDoS attacks.

Disabling Recursion on Authoritative Name Servers

Many of the DNS servers currently deployed on the Internet are exclusively intended to provide name resolution for a single domain. These systems do not need to support resolution of other domains on behalf of a client, and therefore should be configured with recursion disabled.

Bind9

Add the following to the global options [8]: options { allow-query-cache { none; }; recursion no; };

Microsoft DNS Server

In the Microsoft DNS console tool [9]: * Right-click the DNS server and click Properties. * Click the Advanced tab. * In Server options, select the Disable recursion check box, and then click OK.

Limiting Recursion to Authorized Clients

For DNS servers that are deployed within an organization or ISP to support name queries on behalf of a client, the resolver should be configured to only allow queries on behalf of authorized clients. These requests should typically only come from clients within the organizations network address range.

BIND9

In the global options, add the following [10]: acl corpnets { 192.168.1.0/24; 192.168.2.0/24; }; options { allow-query { corpnets; }; allow-recursion { corpnets; }; };

Microsoft DNS Server

It is not currently possible to restrict recursive DNS requests to a specific client address range in Microsoft DNS Server. The most effective means of approximating this functionality is to configure the internal DNS server to forward queries to an external DNS server and restrict DNS traffic in the firewall to restrict port 53 UDP traffic to the internal server and the external forwarder [11].

Rate Limiting Response of Recursive Name Servers

There is currently an experimental feature available as a set of patches for BIND9 that allows an administrator to restrict the number of responses per second being sent from the name server [12]. This is intended to reduce the effectiveness of DNS amplification attacks by reducing the volume of traffic coming from any single resolver.

BIND9

On BIND9 implementation running the RRL patches, add the following lines to the options block of the authoritative views [13]: rate-limit { responses-per-second 5; window 5; };

Microsoft DNS Server

This option is currently not available for Microsoft DNS Server.

References

[1] Open DNS Resolver Project
[2] The Measurement Factory, "List Open Resolvers on Your Network"
[3] The Measurement Factory, "Open Resolver Test"
[4] The Measurement Factory, "Open Resolvers for Each Autonomous System"
[5] "DNSInspect," DNSInspect.com
[6] RFC 1034: DOMAIN NAMES - CONCEPTS AND FACILITIES
[7] BCP 38: Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing
[8] Chapter 3. Name Server Configuration
[9] Disable recursion on the DNS server
[10] Chapter 7. BIND 9 Security Considerations
[11] Configure a DNS Server to Use Forwarders
[12] DNS Response Rate Limiting (DNS RRL)
[13] Response Rate Limiting in the Domain Name System (DNS RRL)

Revision History

March 29, 2013: Initial release

Relevant URL(s): http://openresolverproject.org/

http://dns.measurement-factory.com/cgi-bin/openresolverquery.pl

http://dns.measurement-factory.com/cgi-bin/openresolvercheck.pl

http://dns.measurement-factory.com/surveys/openresolvers/ASN-reports/latest.html

http://www.dnsinspect.com/

http://tools.ietf.org/html/rfc1034

http://tools.ietf.org/html/bcp38

http://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/Bv9ARM.ch03.html#id2567992

http://technet.microsoft.com/en-us/library/cc787602.aspx

http://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/Bv9ARM.ch07.html#Access_Control_Lists

http://technet.microsoft.com/en-us/library/cc754941.aspx

http://ss.vix.su/~vixie/isc-tn-2012-1.txt

http://www.redbarn.org/dns/ratelimits

Produced by US-CERT, a government organization.

This product is provided subject to this Notification: http://www.us-cert.gov/privacy/notification/

Privacy & Use policy: http://www.us-cert.gov/privacy/

This document can also be found at http://www.us-cert.gov/ncas/alerts/TA13-088A

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/mailing-lists-and-feeds/

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBUVXuq3dnhE8Qi3ZhAQIBXAf+LICtxQHGu5j7x8NAFG+tTSWrjducZ37v oWhQuSsXp9XjwAN1RdXOZRpX2Sbp5b1bVZ+FfjdPljoRVpoRksuBu5qOfzathZEP 3aRA7O0Kffuk2ofCsn8I9nWOas7bZa9gO8hGan4ORjEJLt4OWFtPW+2aWfDKY72x lcky1Ms6Z1TGkCTgJLuoUXXmGg8JQJqvRfkc7VAY4ttpJV1/DtpMIZyf2Hbr4inp ClnGYi64ukzu38kYkQ33u3oPKjYX8bwWKAZRnpQAcHO8ddswKre7Cz2Ar5tTNluY 0/nzEAx6BVAKgntp5NUJ8y55ej+RyEQiCpBAkhE8xImmxAUPJ7AiMw== =FVTl -----END PGP SIGNATURE----- .

Release Date: 2015-09-09 Last Updated: 2015-09-09

Potential Security Impact: Remote denial of service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with the TCP/IP Services for OpenVMS running NTP.

References:

CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 CVE-2013-5211 SSRT102239

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. TCP/IP Services for OpenVMS V5.7 ECO5 running NTP

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2014-9293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9294 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9295 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9296 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-5211 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following patch kits available to resolve the vulnerabilities with TCP/IP Services for OpenVMS running NTP.

Platform Patch Kit Name

Alpha IA64 V8.4 75-117-380_2015-08-24.BCK

NOTE: Please contact OpenVMS Technical Support to request these patch kits.

HISTORY Version:1 (rev.1) - 9 September 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Corrected: 2014-01-14 19:04:33 UTC (stable/10, 10.0-PRERELEASE) 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RELEASE) 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC5-p1) 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC4-p1) 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC3-p1) 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC2-p1) 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC1-p1) 2014-01-14 19:20:41 UTC (stable/9, 9.2-STABLE) 2014-01-14 19:42:28 UTC (releng/9.2, 9.2-RELEASE-p3) 2014-01-14 19:42:28 UTC (releng/9.1, 9.1-RELEASE-p10) 2014-01-14 19:20:41 UTC (stable/8, 8.4-STABLE) 2014-01-14 19:42:28 UTC (releng/8.4, 8.4-RELEASE-p7) 2014-01-14 19:42:28 UTC (releng/8.3, 8.3-RELEASE-p14) CVE Name: CVE-2013-5211

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . Background

The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP) used to synchronize the time of a computer system to a reference time source.

II. Problem Description

The ntpd(8) daemon supports a query 'monlist' which provides a history of recent NTP clients without any authentication.

III. Impact

An attacker can send 'monlist' queries and use that as an amplification of a reflection attack.

IV. This can be done by adding the following lines to /etc/ntp.conf:

restrict -4 default nomodify nopeer noquery notrap restrict -6 default nomodify nopeer noquery notrap restrict 127.0.0.1 restrict -6 ::1 restrict 127.127.1.0

And restart the ntpd(8) daemon. Time service is not affected and the administrator can still perform queries from local host.

2) Use IP based restrictions in ntpd(8) itself or in IP firewalls to restrict which systems can access ntpd(8).

3) Replace the base system ntpd(8) with net/ntp-devel (version 4.2.7p76 or newer)

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

fetch http://security.FreeBSD.org/patches/SA-14:02/ntpd.patch

fetch http://security.FreeBSD.org/patches/SA-14:02/ntpd.patch.asc

gpg --verify ntpd.patch.asc

b) Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

Recompile the operating system using buildworld and installworld as described in .

Restart the ntpd(8) daemon, or reboot the system.

3) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

Note that the patch would disable monitoring features of ntpd(8) daemon by default. If the feature is desirable, the administrator can choose to enable it and firewall access to ntpd(8) service.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision

stable/8/ r260641 releng/8.3/ r260647 releng/8.4/ r260647 stable/9/ r260641 releng/9.1/ r260647 releng/9.2/ r260647 stable/10/ r260639 releng/10.0/ r260641

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

VMware Security Advisory

Advisory ID: VMSA-2014-0002 Synopsis: VMware vSphere updates to third party libraries Issue date: 2014-03-11 Updated on: 2014-03-11 (initial advisory) CVE numbers: --NTP --- CVE-2013-5211 --glibc (service console) --- CVE-2013-4332 --JRE-- See references

Summary

VMware has updated vSphere third party libraries.

Relevant releases

vCenter Server Appliance 5.5 prior to 5.5 Update 1

VMware vCenter Server 5.5 prior 5.5 Update 1

VMware Update Manager 5.5 prior 5.5 Update 1

VMware ESXi 5.5 without patch ESXi550-201403101-SG

Problem Description

a. An attacker may send a forged request to a vulnerable NTP server resulting in an amplified response to the intended target of the DDoS attack.

  Mitigation

  Mitigation for this issue is documented in VMware Knowledge Base
  article 2070193. This article also documents when vSphere 
  products are affected.

  The Common Vulnerabilities and Exposures project (cve.mitre.org)
  has assigned the name CVE-2013-5211 to this issue.

  Column 4 of the following table lists the action required to
  remediate the vulnerability in each release, if a solution is
  available.

  VMware        Product Running Replace with/
  Product       Version on  Apply Patch
  ============= ======= ======= =================
  VCSA      5.5 Linux   5.5 Update 1  
  VCSA      5.1 Linux   patch pending 
  VCSA      5.0 Linux   patch pending

  ESXi      5.5 ESXi    ESXi550-201403101-SG
  ESXi      5.1 ESXi    patch pending 
  ESXi      5.0 ESXi    patch pending 
  ESXi      4.1 ESXi    patch pending 
  ESXi      4.0 ESXi    patch pending

  ESX       4.1 ESX patch pending 
  ESX       4.0 ESX patch pending

b. Update to ESXi glibc package

 The ESXi glibc package is updated to version
 glibc-2.5-118.el5_10.2 to resolve a security issue.

 The Common Vulnerabilities and Exposures project (cve.mitre.org)
 has assigned the name CVE-2013-4332 to this issue.

 Column 4 of the following table lists the action required to
 remediate the vulnerability in each release, if a solution is
 available.

 VMware          Product   Running  Replace with/
 Product         Version   on       Apply Patch
 ==============  ========  =======  =================
 ESXi            5.5       ESXi     ESXi550-201403101-SG
 ESXi            5.1       ESXi     patch pending
 ESXi            5.0       ESXi     patch pending 
 ESXi            4.1       ESXi     no patch planned
 ESXi            4.0       ESXi     no patch planned

 ESX             4.1       ESX      not applicable
 ESX             4.0       ESX      not applicable

c. vCenter and Update Manager, Oracle JRE 1.7 Update 45

 Oracle JRE is updated to version JRE 1.7 Update 45, which
 addresses multiple security issues that existed in earlier
 releases of Oracle JRE.

 Oracle has documented the CVE identifiers that are addressed
 in JRE 1.7.0 update 45 in the Oracle Java SE Critical Patch 
 Update Advisory of October 2013. The References section provides
 a link to this advisory.

 Column 4 of the following table lists the action required to
 remediate the vulnerability in each release, if a solution is
 available.

 VMware       Product   Running Replace with/
 Product          Version   on  Apply Patch
 =============    =======   ======= =================
 vCenter Server   5.5       Any     5.5 Update 1  
 vCenter Server   5.1   Any not applicable **
 vCenter Server   5.0   Any not applicable **
 vCenter Server   4.1   Windows not applicable **
 vCenter Server   4.0   Windows not applicable *

 Update Manager   5.5       Windows 5.5 Update 1 
 Update Manager   5.1   Windows not applicable **
 Update Manager   5.0   Windows not applicable **
 Update Manager   4.1   Windows not applicable *
 Update Manager   4.0   Windows not applicable *

 ESXi         any   ESXi    not applicable

 ESX          4.1   ESX not applicable **
 ESX          4.0   ESX not applicable *

 * this product uses the Oracle JRE 1.5.0 family
 ** this product uses the Oracle JRE 1.6.0 family

Solution

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

vCenter Server 5.5

Download link:

https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_ vsphere/5_5

Release Notes:

https://www.vmware.com/support/vsphere5/doc/vsphere-vcenter-server-55u1-rel ease-notes.html

ESXi 5.5

File: update-from-esxi5.5-5.5_update01.zip md5sum:5773844efc7d8e43135de46801d6ea25 sha1sum:6518355d260e81b562c66c5016781db9f077161f http://kb.vmware.com/kb/2065826 update-from-esxi5.5-5.5_update01 contains ESXi550-201403101-SG

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332

--------- jre --------- Oracle Java SE Critical Patch Update Advisory of October 2013

http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

VMware Knowledge Base article 2070193 http://kb.vmware.com/kb/2070193

Change log

2014-03-11 VMSA-2014-0002 Initial security advisory in conjunction with the release of vSphere 5.5 Update 1 on 2014-03-11

Contact

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce at lists.vmware.com
bugtraq at securityfocus.com
full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories http://www.vmware.com/security/advisories

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

Twitter https://twitter.com/VMwareSRC

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.6p5-i486-5_slack14.1.txz: Rebuilt. By default, Slackware is not vulnerable since it includes "noquery" as a default restriction. However, it is vulnerable if this restriction is removed. To help mitigate this flaw, "disable monitor" has been added to the default ntp.conf (which will disable the monlist command even if other queries are allowed), and the default restrictions have been extended to IPv6 as well. All users of the NTP daemon should make sure that their ntp.conf contains "disable monitor" to prevent misuse of the NTP service. The new ntp.conf file will be installed as /etc/ntp.conf.new with a package upgrade, but the changes will need to be merged into any existing ntp.conf file by the admin. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211 http://www.kb.cert.org/vuls/id/348126 ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Please do not reply to this email address

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201401-0184",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ntp",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ntp",
        "version": "4.2.7"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "11.4"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "meinberg funkuhren",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "network time protocol",
        "version": null
      },
      {
        "model": "",
        "scope": null,
        "trust": 0.8,
        "vendor": "multiple venders",
        "version": null
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.1"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.1"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.7"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.12"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "tcp/ip services for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.7"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.3"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "-release/alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "-release-p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.0"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "-release-p8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.10"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.9"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "-release-p7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.8"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "-release-p17",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.7"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6.2"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "-release-p20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.6"
      },
      {
        "model": "-stablepre2002-03-07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "-release-p32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "-release-p42",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.4"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "-release-p38",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.3"
      },
      {
        "model": "-stablepre122300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "-stablepre050201",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.2"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.0"
      },
      {
        "model": "-stablepre2001-07-20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5.1"
      },
      {
        "model": "-stablepre122300",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "-stablepre050201",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.1"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "3.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.8"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.7"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.7.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.7"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.6.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.6"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.0.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.1.5.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.1.5"
      },
      {
        "model": "9.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.0-rc3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.0-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.3-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.2-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.2-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "release -p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.2-"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.2"
      },
      {
        "model": "8.1-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.1-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.1-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.1-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.1"
      },
      {
        "model": "8.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "8.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.4-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.4"
      },
      {
        "model": "7.3-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.3-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.3-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "release p7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.3--"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.3"
      },
      {
        "model": "7.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.2-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.2-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.2-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.2-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.2"
      },
      {
        "model": "7.1-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.1-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.1-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.1-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "-release-p2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "-release-p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "-pre-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.1"
      },
      {
        "model": "7.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.0-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.0-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.0-release-p12",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.0-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "7.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "-release-p9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "-prerelease",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "7.0"
      },
      {
        "model": "6.4-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "6.4-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "6.4-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "6.4-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "-release-p3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.4"
      },
      {
        "model": "6.3-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "6.3-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "-release-p9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "-release-p8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "-release-p6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.3"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.2"
      },
      {
        "model": "-releng",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.2"
      },
      {
        "model": "-stable",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "-release-p10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "-release",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.1"
      },
      {
        "model": "6.0-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "6.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.5"
      },
      {
        "model": "5.4-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.4"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "5.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "4.11"
      },
      {
        "model": "4.10-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.2.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "2.0.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.5"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.2"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "1.0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "0.41"
      },
      {
        "model": "video surveillance operations manager software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "aura system manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#348126"
      },
      {
        "db": "BID",
        "id": "64692"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-000087"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-003"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5211"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5211"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dave Hart",
    "sources": [
      {
        "db": "BID",
        "id": "64692"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-5211",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2013-5211",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.1,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "availabilityRequirement": "NOT DEFINED",
            "baseScore": 7.8,
            "collateralDamagePotential": "NOT DEFINED",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT DEFINED",
            "enviromentalScore": 4.6,
            "exploitability": "PROOF-OF-CONCEPT",
            "exploitabilityScore": 10.0,
            "id": "CVE-2013-5211",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT DEFINED",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "remediationLevel": "OFFICIAL FIX",
            "reportConfidence": "CONFIRMED",
            "severity": "HIGH",
            "targetDistribution": "MEDIUM",
            "trust": 0.8,
            "userInterationRequired": null,
            "vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2013-000087",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-5211",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-5211",
            "trust": 0.8,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2013-000087",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201401-003",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2013-5211",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#348126"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-5211"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-000087"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-003"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5211"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. UDP protocols such as NTP can be abused to amplify denial-of-service attack traffic. Servers running the network time protocol (NTP) based on implementations of ntpd prior to version 4.2.7p26 that use the default unrestricted query configuration are susceptible to a reflected denial-of-service (DRDoS) attack. Other proprietary NTP implementations may also be affected. Multiple broadband routers contain an issue where they may behave as open resolvers. A device that runs as a DNS cache server, which responds to any recursive DNS queries that are received is referred to as an open resolver. Multiple broadband routers may contain an issue where they may behave as open resolvers. This issue was confirmed by JPCERT/CC and IPA that it affected multiple developers and was coordinated by JPCERT/CC. In addition, Yasuhiro Orange Morishita of Japan Registry Services Co., Ltd. (JPRS) reported this vulnerability to JPCERT/CC under the Information Security Early Warning Partnership.The device may be used in a DNS amplification attack and unknowingly become a part of a DDoS attack. NTP is prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause the affected application to crash, denying service to legitimate users. The net-misc/ntp package contains the official reference\nimplementation by the NTP Project. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/ntp              \u003c 4.2.6_p5-r10         \u003e= 4.2.6_p5-r10\n\nDescription\n===========\n\nntpd is susceptible to a reflected Denial of Service attack. Please\nreview the CVE identifiers and references below for details. \n\nWorkaround\n==========\n\nWe modified the default ntp configuration in =net-misc/ntp-4.2.6_p5-r10\nand added \"noquery\" to the default restriction which disallows anyone\nto query the ntpd status, including \"monlist\". \n\nIf you use a non-default configuration, and provide a ntp service to\nuntrusted networks, we highly recommend you to revise your\nconfiguration to disable mode 6 and 7 queries for any untrusted\n(public) network. \n\nYou can always enable these queries for specific trusted networks. For\nmore details please see the \"Access Control Support\" chapter in the\nntp.conf(5) man page. \n\nResolution\n==========\n\nAll NTP users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-misc/ntp-4.2.6_p5-r10\"\n\nNote that the updated package contains a modified default configuration\nonly. \n\nReferences\n==========\n\n[ 1 ] CVE-2013-5211\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5211\n[ 2 ] VU#348126\n      http://www.kb.cert.org/vuls/id/348126\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201401-08.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNational Cyber Awareness System\nTA13-088A: DNS Amplification Attacks\n\n\nOriginal release date: March 29, 2013\n\nSystems Affected\n\n * Domain Name System (DNS) servers\n\nOverview\n\nA Domain Name Server (DNS) Amplification attack is a popular form of\nDistributed Denial of Service (DDoS) that relies on the use of\npublically accessible open recursive DNS servers to overwhelm a victim\nsystem with DNS response traffic. \n\nDescription\n\nA Domain Name Server (DNS) Amplification attack is a popular form of\nDistributed Denial of Service (DDoS) that relies on the use of\npublically accessible open recursive DNS servers to overwhelm a victim\nsystem with DNS response traffic. The basic attack technique consists of\nan attacker sending a DNS name lookup request to an open recursive DNS\nserver with the source address spoofed to be the victims address. When\nthe DNS server sends the DNS record response, it is sent instead to the\nvictim. Because the size of the response is typically considerably\nlarger than the request, the attacker is able to amplify the volume of\ntraffic directed at the victim. By leveraging a botnet to perform\nadditional spoofed DNS queries, an attacker can produce an overwhelming\namount of traffic with little effort. Additionally, because the\nresponses are legitimate data coming from valid servers, it is\nespecially difficult to block these types of attacks. \n\nWhile the attacks are difficult to prevent, network operators can\nimplement several possible mitigation strategies. The primary element in\nthe attack that is the focus of an effective long-term solution is the\ndetection and elimination of open recursive DNS resolvers. These systems\nare typically legitimate DNS servers that have been improperly\nconfigured to respond to recursive queries on behalf of any system,\nrather than restricting recursive responses only to requests from local\nor authorized clients. By identifying these systems, an organization or\nnetwork operator can reduce the number of potential resources that the\nattacker can employ in an attack. \n\nImpact\n\nA misconfigured Domain Name System (DNS) server can be exploited to\nparticipate in a Distributed Denial of Service (DDoS) attack. \n\nSolution\n\nDETECTION\n\nSeveral organizations offer free, web-based scanning tools that will\nsearch a network for vulnerable open DNS resolvers. These tools will\nscan entire network ranges and list the address of any identified open\nresolvers. The query\ninterface allows network administrators to enter IP ranges in CIDR\nformat [1]. \n\nThe Measurement Factory\nhttp://dns.measurement-factory.com\nLike the Open DNS Resolver Project, the Measurement Factory maintains a\nlist of Internet accessible DNS servers and allows administrators to\nsearch for open recursive resolvers [2]. In addition, the Measurement\nFactory offers a free tool to directly test an individual DNS resolver\nto determine if it allows open recursion. This will allow an\nadministrator to determine if configuration changes are necessary and\nverify that configuration changes have been effective [3]. Finally, the\nsite offers statistics showing the number of open resolvers detected on\nthe various Autonomous System (AS) networks, sorted by the highest\nnumber found [4]. \n\nDNSInspect\nhttp://www.dnsinspect.com\nAnother freely available, web-based tool for testing DNS resolvers is\nDNSInspect. This site is similar to The Measurement Factorys ability to\ntest a specific resolver for vulnerability, but offers the ability to\ntest an entire DNS Zone for several other potential configuration and\nsecurity issues [5]. \n\nIndicators\n\nIn a typical recursive DNS query, a client sends a query request to a\nlocal DNS server requesting the resolution of a name or the reverse\nresolution of an IP address. The DNS server performs the necessary\nqueries on behalf of the client and returns a response packet with the\nrequested information or an error [6, page 21]. The specification does\nnot allow for unsolicited responses. In a DNS amplification attack, the\nkey indicator is a query response without a matching request. \n\nMITIGATION\n\nUnfortunately, due to the overwhelming traffic volume that can be\nproduced by one of these attacks, there is often little that the victim\ncan do to counter a large-scale DNS amplification-based distributed\ndenial-of-service attack. While the only effective means of eliminating\nthis type of attack is to eliminate open recursive resolvers, this\nrequires a large-scale effort by numerous parties. According to the Open\nDNS Resolver Project, of the 27 million known DNS resolvers on the\nInternet, approximately 25 million pose a significant threat of being\nused in an attack [1]. However, several possible techniques are\navailable to reduce the overall effectiveness of such attacks to the\nInternet community as a whole. Where possible, configuration links have\nbeen provided to assist administrators with making the recommended\nchanges. The configuration information has been limited to BIND9 and\nMicrosofts DNS Server, which are two widely deployed DNS servers. If you\nare running a different DNS server, please see your vendors\ndocumentation for configuration details. \n\nSource IP Verification\n\nBecause the DNS queries being sent by the attacker-controlled clients\nmust have a source address spoofed to appear as the victims system, the\nfirst step to reducing the effectiveness of DNS amplification is for\nInternet Service Providers to deny any DNS traffic with spoofed\naddresses. The Network Working Group of the Internet Engineering Task\nForce released a Best Current Practice document in May 2000 that\ndescribes how an Internet Service Provider can filter network traffic on\ntheir network to drop packets with source addresses not reachable via\nthe actual packets path [7]. This configuration change would\nconsiderably reduce the potential for most current types of DDoS\nattacks. \n\nDisabling Recursion on Authoritative Name Servers\n\nMany of the DNS servers currently deployed on the Internet are\nexclusively intended to provide name resolution for a single domain. \nThese systems do not need to support resolution of other domains on\nbehalf of a client, and therefore should be configured with recursion\ndisabled. \n\nBind9\n\nAdd the following to the global options [8]:\noptions {\n allow-query-cache { none; };\n recursion no;\n};\n\nMicrosoft DNS Server\n\nIn the Microsoft DNS console tool [9]: * Right-click the DNS server and\nclick Properties. \n * Click the Advanced tab. \n * In Server options, select the Disable recursion check box, and then\nclick OK. \n\nLimiting Recursion to Authorized Clients\n\nFor DNS servers that are deployed within an organization or ISP to\nsupport name queries on behalf of a client, the resolver should be\nconfigured to only allow queries on behalf of authorized clients. These\nrequests should typically only come from clients within the\norganizations network address range. \n\nBIND9\n\nIn the global options, add the following [10]:\nacl corpnets { 192.168.1.0/24; 192.168.2.0/24; };\noptions {\n allow-query { corpnets; };\n allow-recursion { corpnets; };\n};\n\nMicrosoft DNS Server\n\nIt is not currently possible to restrict recursive DNS requests to a\nspecific client address range in Microsoft DNS Server. The most\neffective means of approximating this functionality is to configure the\ninternal DNS server to forward queries to an external DNS server and\nrestrict DNS traffic in the firewall to restrict port 53 UDP traffic to\nthe internal server and the external forwarder [11]. \n\nRate Limiting Response of Recursive Name Servers\n\nThere is currently an experimental feature available as a set of patches\nfor BIND9 that allows an administrator to restrict the number of\nresponses per second being sent from the name server [12]. This is\nintended to reduce the effectiveness of DNS amplification attacks by\nreducing the volume of traffic coming from any single resolver. \n\nBIND9\n\nOn BIND9 implementation running the RRL patches, add the following lines\nto the options block of the authoritative views [13]:\nrate-limit {\n responses-per-second 5;\n window 5;\n};\n\nMicrosoft DNS Server\n\nThis option is currently not available for Microsoft DNS Server. \n\nReferences\n\n * [1] Open DNS Resolver Project\n * [2] The Measurement Factory, \"List Open Resolvers on Your Network\"\n * [3] The Measurement Factory, \"Open Resolver Test\"\n * [4] The Measurement Factory, \"Open Resolvers for Each Autonomous\nSystem\"\n * [5] \"DNSInspect,\" DNSInspect.com\n * [6] RFC 1034: DOMAIN NAMES - CONCEPTS AND FACILITIES\n * [7] BCP 38: Network Ingress Filtering: Defeating Denial of Service\nAttacks which employ IP Source Address Spoofing\n * [8] Chapter 3. Name Server Configuration\n * [9] Disable recursion on the DNS server\n * [10] Chapter 7. BIND 9 Security Considerations\n * [11] Configure a DNS Server to Use Forwarders\n * [12] DNS Response Rate Limiting (DNS RRL)\n * [13] Response Rate Limiting in the Domain Name System (DNS RRL)\n\nRevision History\n\n * March 29, 2013: Initial release\n\nRelevant URL(s):\n\u003chttp://openresolverproject.org/\u003e\n\n\u003chttp://dns.measurement-factory.com/cgi-bin/openresolverquery.pl\u003e\n\n\u003chttp://dns.measurement-factory.com/cgi-bin/openresolvercheck.pl\u003e\n\n\u003chttp://dns.measurement-factory.com/surveys/openresolvers/ASN-reports/latest.html\u003e\n\n\u003chttp://www.dnsinspect.com/\u003e\n\n\u003chttp://tools.ietf.org/html/rfc1034\u003e\n\n\u003chttp://tools.ietf.org/html/bcp38\u003e\n\n\u003chttp://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/Bv9ARM.ch03.html#id2567992\u003e\n\n\u003chttp://technet.microsoft.com/en-us/library/cc787602.aspx\u003e\n\n\u003chttp://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/Bv9ARM.ch07.html#Access_Control_Lists\u003e\n\n\u003chttp://technet.microsoft.com/en-us/library/cc754941.aspx\u003e\n\n\u003chttp://ss.vix.su/~vixie/isc-tn-2012-1.txt\u003e\n\n\u003chttp://www.redbarn.org/dns/ratelimits\u003e\n\n____________________________________________________________________\n\n   Produced by US-CERT, a government organization. \n____________________________________________________________________\n\nThis product is provided subject to this Notification: \nhttp://www.us-cert.gov/privacy/notification/\n\nPrivacy \u0026 Use policy: \nhttp://www.us-cert.gov/privacy/\n\nThis document can also be found at\nhttp://www.us-cert.gov/ncas/alerts/TA13-088A\n\nFor instructions on subscribing to or unsubscribing from this \nmailing list, visit http://www.us-cert.gov/mailing-lists-and-feeds/\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBUVXuq3dnhE8Qi3ZhAQIBXAf+LICtxQHGu5j7x8NAFG+tTSWrjducZ37v\noWhQuSsXp9XjwAN1RdXOZRpX2Sbp5b1bVZ+FfjdPljoRVpoRksuBu5qOfzathZEP\n3aRA7O0Kffuk2ofCsn8I9nWOas7bZa9gO8hGan4ORjEJLt4OWFtPW+2aWfDKY72x\nlcky1Ms6Z1TGkCTgJLuoUXXmGg8JQJqvRfkc7VAY4ttpJV1/DtpMIZyf2Hbr4inp\nClnGYi64ukzu38kYkQ33u3oPKjYX8bwWKAZRnpQAcHO8ddswKre7Cz2Ar5tTNluY\n0/nzEAx6BVAKgntp5NUJ8y55ej+RyEQiCpBAkhE8xImmxAUPJ7AiMw==\n=FVTl\n-----END PGP SIGNATURE-----\n. \n\nRelease Date: 2015-09-09\nLast Updated: 2015-09-09\n\nPotential Security Impact: Remote denial of service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with the TCP/IP\nServices for OpenVMS running NTP. \n\nReferences:\n\nCVE-2014-9293\nCVE-2014-9294\nCVE-2014-9295\nCVE-2014-9296\nCVE-2013-5211\nSSRT102239\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nTCP/IP Services for OpenVMS V5.7 ECO5 running NTP\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2014-9293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2014-9294    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2014-9295    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2014-9296    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2013-5211    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following patch kits available to resolve the vulnerabilities\nwith TCP/IP Services for OpenVMS running NTP. \n\n  Platform\n   Patch Kit Name\n\n  Alpha IA64 V8.4\n   75-117-380_2015-08-24.BCK\n\n  NOTE: Please contact OpenVMS Technical Support to request these patch kits. \n\nHISTORY\nVersion:1 (rev.1) - 9 September 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \nCorrected:      2014-01-14 19:04:33 UTC (stable/10, 10.0-PRERELEASE)\n                2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RELEASE)\n                2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC5-p1)\n                2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC4-p1)\n                2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC3-p1)\n                2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC2-p1)\n                2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC1-p1)\n                2014-01-14 19:20:41 UTC (stable/9, 9.2-STABLE)\n                2014-01-14 19:42:28 UTC (releng/9.2, 9.2-RELEASE-p3)\n                2014-01-14 19:42:28 UTC (releng/9.1, 9.1-RELEASE-p10)\n                2014-01-14 19:20:41 UTC (stable/8, 8.4-STABLE)\n                2014-01-14 19:42:28 UTC (releng/8.4, 8.4-RELEASE-p7)\n                2014-01-14 19:42:28 UTC (releng/8.3, 8.3-RELEASE-p14)\nCVE Name:       CVE-2013-5211\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e.   Background\n\nThe ntpd(8) daemon is an implementation of the Network Time Protocol (NTP)\nused to synchronize the time of a computer system to a reference time\nsource. \n\nII.  Problem Description\n\nThe ntpd(8) daemon supports a query \u0027monlist\u0027 which provides a history of\nrecent NTP clients without any authentication. \n\nIII. Impact\n\nAn attacker can send \u0027monlist\u0027 queries and use that as an amplification of\na reflection attack. \n\nIV.  This can be done by adding the following\nlines to /etc/ntp.conf:\n\nrestrict -4 default nomodify nopeer noquery notrap\nrestrict -6 default nomodify nopeer noquery notrap\nrestrict 127.0.0.1\nrestrict -6 ::1\nrestrict 127.127.1.0\n\nAnd restart the ntpd(8) daemon.  Time service is not affected and the\nadministrator can still perform queries from local host. \n\n2) Use IP based restrictions in ntpd(8) itself or in IP firewalls to\nrestrict which systems can access ntpd(8). \n\n3) Replace the base system ntpd(8) with net/ntp-devel (version 4.2.7p76 or\nnewer)\n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n# fetch http://security.FreeBSD.org/patches/SA-14:02/ntpd.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:02/ntpd.patch.asc\n# gpg --verify ntpd.patch.asc\n\nb) Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nRecompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:http://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart the ntpd(8) daemon, or reboot the system. \n\n3) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nNote that the patch would disable monitoring features of ntpd(8) daemon\nby default.  If the feature is desirable, the administrator can choose\nto enable it and firewall access to ntpd(8) service. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/8/                                                         r260641\nreleng/8.3/                                                       r260647\nreleng/8.4/                                                       r260647\nstable/9/                                                         r260641\nreleng/9.1/                                                       r260647\nreleng/9.2/                                                       r260647\nstable/10/                                                        r260639\nreleng/10.0/                                                      r260641\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:http://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- -----------------------------------------------------------------------\nVMware Security Advisory\n\nAdvisory ID: VMSA-2014-0002\nSynopsis:    VMware vSphere updates to third party libraries \nIssue date:  2014-03-11\nUpdated on:  2014-03-11 (initial advisory)\nCVE numbers: --NTP ---\n             CVE-2013-5211\n             --glibc (service console) ---\n             CVE-2013-4332\n             --JRE--\n             See references\n- -----------------------------------------------------------------------\n\n1. Summary\n\n   VMware has updated vSphere third party libraries. \n\n2. Relevant releases\n\n   vCenter Server Appliance 5.5 prior to 5.5 Update 1 \n\n   VMware vCenter Server 5.5 prior 5.5 Update 1\n\n   VMware Update Manager 5.5 prior 5.5 Update 1\n\n   VMware ESXi 5.5 without patch ESXi550-201403101-SG\n    \n3. Problem Description\n\n   a. An attacker may send a forged request to a\n      vulnerable NTP server resulting in an amplified response to the\n      intended target of the DDoS attack. \n      \n      Mitigation\n\n      Mitigation for this issue is documented in VMware Knowledge Base\n      article 2070193. This article also documents when vSphere \n      products are affected. \n\n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n      has assigned the name CVE-2013-5211 to this issue. \n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is\n      available. \n\n      VMware\t\tProduct\tRunning\tReplace with/\n      Product\t\tVersion\ton\tApply Patch\n      =============\t=======\t=======\t=================\n      VCSA\t\t5.5\tLinux\t5.5 Update 1  \n      VCSA\t\t5.1\tLinux\tpatch pending \n      VCSA\t\t5.0\tLinux\tpatch pending \n      \n      ESXi\t\t5.5\tESXi\tESXi550-201403101-SG\n      ESXi\t\t5.1\tESXi\tpatch pending \n      ESXi\t\t5.0\tESXi\tpatch pending \n      ESXi\t\t4.1\tESXi\tpatch pending \n      ESXi\t\t4.0\tESXi\tpatch pending \n\t\n      ESX\t\t4.1\tESX\tpatch pending \n      ESX\t\t4.0\tESX\tpatch pending \n\n\n  b. Update to ESXi glibc package\n\n     The ESXi glibc package is updated to version\n     glibc-2.5-118.el5_10.2 to resolve a security issue. \n\n     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n     has assigned the name CVE-2013-4332 to this issue. \n\n     Column 4 of the following table lists the action required to\n     remediate the vulnerability in each release, if a solution is\n     available. \n\n     VMware          Product   Running  Replace with/\n     Product         Version   on       Apply Patch\n     ==============  ========  =======  =================\n     ESXi            5.5       ESXi     ESXi550-201403101-SG\n     ESXi            5.1       ESXi     patch pending\n     ESXi            5.0       ESXi     patch pending \n     ESXi            4.1       ESXi     no patch planned\n     ESXi            4.0       ESXi     no patch planned\n\n     ESX             4.1       ESX      not applicable\n     ESX             4.0       ESX      not applicable\n\n  c. vCenter and Update Manager, Oracle JRE 1.7 Update 45\n      \n     Oracle JRE is updated to version JRE 1.7 Update 45, which\n     addresses multiple security issues that existed in earlier\n     releases of Oracle JRE. \n\n     Oracle has documented the CVE identifiers that are addressed\n     in JRE 1.7.0 update 45 in the Oracle Java SE Critical Patch \n     Update Advisory of October 2013. The References section provides\n     a link to this advisory. \n\n     Column 4 of the following table lists the action required to\n     remediate the vulnerability in each release, if a solution is\n     available. \n\n     VMware\t      Product\tRunning\tReplace with/\n     Product\t      Version\ton\tApply Patch\n     =============    =======\t======= =================\n     vCenter Server   5.5       Any     5.5 Update 1  \n     vCenter Server   5.1\tAny\tnot applicable **\n     vCenter Server   5.0\tAny\tnot applicable **\n     vCenter Server   4.1\tWindows\tnot applicable **\n     vCenter Server   4.0\tWindows\tnot applicable *\n\n     Update Manager   5.5       Windows 5.5 Update 1 \n     Update Manager   5.1\tWindows\tnot applicable **\n     Update Manager   5.0\tWindows\tnot applicable **\n     Update Manager   4.1\tWindows\tnot applicable *\n     Update Manager   4.0\tWindows\tnot applicable *\n\n     ESXi\t      any\tESXi\tnot applicable\n\n     ESX\t      4.1\tESX\tnot applicable **\n     ESX\t      4.0\tESX\tnot applicable *\n   \n     * this product uses the Oracle JRE 1.5.0 family\n     ** this product uses the Oracle JRE 1.6.0 family\n \n4. Solution\n\n   Please review the patch/release notes for your product and version\n   and verify the checksum of your downloaded file. \n      \n   vCenter Server 5.5 \n   --------------------------\n   Download link: \n  \nhttps://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_\nvsphere/5_5\n\n   Release Notes: \n  \nhttps://www.vmware.com/support/vsphere5/doc/vsphere-vcenter-server-55u1-rel\nease-notes.html\n\n   ESXi 5.5 \n   -----------------\n   File: update-from-esxi5.5-5.5_update01.zip\n   md5sum:5773844efc7d8e43135de46801d6ea25\n   sha1sum:6518355d260e81b562c66c5016781db9f077161f\n   http://kb.vmware.com/kb/2065826\n   update-from-esxi5.5-5.5_update01 contains ESXi550-201403101-SG\n\n5. References\n\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332\n\n   --------- jre --------- \n   Oracle Java SE Critical Patch Update Advisory of October 2013\n  \nhttp://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html\n\n   VMware Knowledge Base article 2070193\n   http://kb.vmware.com/kb/2070193 \n\n- -----------------------------------------------------------------------\n\n6. Change log\n\n   2014-03-11 VMSA-2014-0002\n   Initial security advisory in conjunction with the release of\n   vSphere 5.5 Update 1 on 2014-03-11\n\n- -----------------------------------------------------------------------\n\n7. Contact\n\n   E-mail list for product security notifications and announcements:\n   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n   This Security Advisory is posted to the following lists:\n\n   * security-announce at lists.vmware.com\n   * bugtraq at securityfocus.com\n   * full-disclosure at lists.grok.org.uk\n\n   E-mail: security at vmware.com\n   PGP key at: http://kb.vmware.com/kb/1055\n\n   VMware Security Advisories\n   http://www.vmware.com/security/advisories\n\n   VMware security response policy\n   http://www.vmware.com/support/policies/security_response.html\n\n   General support life cycle policy\n   http://www.vmware.com/support/policies/eos.html\n\n   Twitter\n   https://twitter.com/VMwareSRC\n\nCopyright 2014 VMware Inc.  All rights reserved. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.6p5-i486-5_slack14.1.txz:  Rebuilt.  By default, Slackware is not vulnerable\n  since it includes \"noquery\" as a default restriction.  However, it is\n  vulnerable if this restriction is removed.  To help mitigate this flaw,\n  \"disable monitor\" has been added to the default ntp.conf (which will disable\n  the monlist command even if other queries are allowed), and the default\n  restrictions have been extended to IPv6 as well. \n  All users of the NTP daemon should make sure that their ntp.conf contains\n  \"disable monitor\" to prevent misuse of the NTP service.  The new ntp.conf\n  file will be installed as /etc/ntp.conf.new with a package upgrade, but the\n  changes will need to be merged into any existing ntp.conf file by the admin. \n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211\n    http://www.kb.cert.org/vuls/id/348126\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.  Please do not reply to this email address",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5211"
      },
      {
        "db": "CERT/CC",
        "id": "VU#348126"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-000087"
      },
      {
        "db": "BID",
        "id": "64692"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-5211"
      },
      {
        "db": "PACKETSTORM",
        "id": "124819"
      },
      {
        "db": "PACKETSTORM",
        "id": "121020"
      },
      {
        "db": "PACKETSTORM",
        "id": "133517"
      },
      {
        "db": "PACKETSTORM",
        "id": "124791"
      },
      {
        "db": "PACKETSTORM",
        "id": "125672"
      },
      {
        "db": "PACKETSTORM",
        "id": "125222"
      }
    ],
    "trust": 3.24
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=33073",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2013-5211"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-5211",
        "trust": 3.3
      },
      {
        "db": "CERT/CC",
        "id": "VU#348126",
        "trust": 2.0
      },
      {
        "db": "USCERT",
        "id": "TA13-088A",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2013/12/30/6",
        "trust": 1.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2013/12/30/7",
        "trust": 1.6
      },
      {
        "db": "BID",
        "id": "64692",
        "trust": 1.3
      },
      {
        "db": "USCERT",
        "id": "TA14-013A",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "59288",
        "trust": 1.0
      },
      {
        "db": "SECUNIA",
        "id": "59726",
        "trust": 1.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-051-04",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1030433",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA14-017A",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVN62507275",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-000087",
        "trust": 0.8
      },
      {
        "db": "MLIST",
        "id": "[POOL] 20111210 ODD SURGE IN TRAFFIC TODAY",
        "trust": 0.6
      },
      {
        "db": "MLIST",
        "id": "[OSS-SECURITY] 20131230 CVE TO THE NTP MONLIST DDOS ISSUE?",
        "trust": 0.6
      },
      {
        "db": "MLIST",
        "id": "[OSS-SECURITY] 20131230 RE: CVE TO THE NTP MONLIST DDOS ISSUE?",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-003",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-5211",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "124819",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "121020",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133517",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "124791",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "125672",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "125222",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#348126"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-5211"
      },
      {
        "db": "BID",
        "id": "64692"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-000087"
      },
      {
        "db": "PACKETSTORM",
        "id": "124819"
      },
      {
        "db": "PACKETSTORM",
        "id": "121020"
      },
      {
        "db": "PACKETSTORM",
        "id": "133517"
      },
      {
        "db": "PACKETSTORM",
        "id": "124791"
      },
      {
        "db": "PACKETSTORM",
        "id": "125672"
      },
      {
        "db": "PACKETSTORM",
        "id": "125222"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-003"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5211"
      }
    ]
  },
  "id": "VAR-201401-0184",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 1.0
  },
  "last_update_date": "2022-05-29T21:44:11.663000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Information from BAFFARO",
        "trust": 0.8,
        "url": "http://buffalo.jp/support_s/20140802.html"
      },
      {
        "title": "Problem that simple DNS feature to function as an open resolver",
        "trust": 0.8,
        "url": "http://www.furukawa.co.jp/fitelnet/topic/vulnera_20130919.html"
      },
      {
        "title": "Internet Initiative Japan Inc. website",
        "trust": 0.8,
        "url": "http://www.seil.jp/support/security/a01311.html"
      },
      {
        "title": "Information from NEC Corporation",
        "trust": 0.8,
        "url": "https://jvn.jp/en/jp/jvn62507275/6443/index.html"
      },
      {
        "title": "Information from YMIRLINK Inc.",
        "trust": 0.8,
        "url": "https://jvn.jp/en/jp/jvn62507275/99095/index.html"
      },
      {
        "title": "Yamaha Corporation website ",
        "trust": 0.8,
        "url": "http://www.rtpro.yamaha.co.jp/rt/faq/security/open-resolver.html"
      },
      {
        "title": "ntp-dev-4.2.7p26",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=47338"
      },
      {
        "title": "Debian CVElist Bug Report Logs: ntp: CVE-2013-5211",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=dda61db597837c3242ded3bd021b6d4b"
      },
      {
        "title": "VMware Security Advisories: VMware vSphere updates to third party libraries",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=6bde2d67d2248ed25dc9005046e3affa"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=0bd8c924b56aac98dda0f5b45f425f38"
      },
      {
        "title": "ntpscanner",
        "trust": 0.1,
        "url": "https://github.com/dani87/ntpscanner "
      },
      {
        "title": "ntpscanner",
        "trust": 0.1,
        "url": "https://github.com/suedadam/ntpscanner "
      },
      {
        "title": "docker-cluster",
        "trust": 0.1,
        "url": "https://github.com/xubyxiaobao/docker-cluster "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2013-5211"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-000087"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-003"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-000087"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5211"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://bugs.ntp.org/show_bug.cgi?id=1532"
      },
      {
        "trust": 1.7,
        "url": "http://www.us-cert.gov/ncas/alerts/ta13-088a"
      },
      {
        "trust": 1.6,
        "url": "http://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-1401-ntp-monlist-network-traffic-amplification-attacks.htm"
      },
      {
        "trust": 1.6,
        "url": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz"
      },
      {
        "trust": 1.6,
        "url": "http://openwall.com/lists/oss-security/2013/12/30/7"
      },
      {
        "trust": 1.6,
        "url": "http://openwall.com/lists/oss-security/2013/12/30/6"
      },
      {
        "trust": 1.6,
        "url": "http://lists.ntp.org/pipermail/pool/2011-december/005616.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.kb.cert.org/vuls/id/348126"
      },
      {
        "trust": 1.0,
        "url": "http://www.us-cert.gov/ncas/alerts/ta14-013a"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-051-04"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1030433"
      },
      {
        "trust": 1.0,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095892"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/59726"
      },
      {
        "trust": 1.0,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095861"
      },
      {
        "trust": 1.0,
        "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/59288"
      },
      {
        "trust": 1.0,
        "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/64692"
      },
      {
        "trust": 1.0,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04790232"
      },
      {
        "trust": 1.0,
        "url": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory"
      },
      {
        "trust": 0.8,
        "url": "http://cwe.mitre.org/data/definitions/406.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.nwtime.org/"
      },
      {
        "trust": 0.8,
        "url": "http://ntp.org"
      },
      {
        "trust": 0.8,
        "url": "http://www.cisco.com/en/us/products/ps9494/products_sub_category_home.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.prolexic.com/knowledge-center-white-paper-series-snmp-ntp-chargen-reflection-attacks-drdos-ddos.html"
      },
      {
        "trust": 0.8,
        "url": "http://christian-rossow.de/articles/amplification_ddos.php"
      },
      {
        "trust": 0.8,
        "url": "https://community.rapid7.com/community/metasploit/blog/2014/08/25/r7-2014-12-more-amplification-vulnerabilities-in-ntp-allow-even-more-drdos-attacks"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2013/at130022.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.nic.ad.jp/ja/dns/openresolver/"
      },
      {
        "trust": 0.8,
        "url": "http://jprs.jp/important/2013/130418.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/en/jp/jvn62507275/"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/ncas/alerts/ta14-017a"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5211"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5211"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5211"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-201401-08.xml"
      },
      {
        "trust": 0.1,
        "url": "http://www.enigmail.net/"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://tools.ietf.org/html/rfc1034\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.redbarn.org/dns/ratelimits\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://technet.microsoft.com/en-us/library/cc754941.aspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://technet.microsoft.com/en-us/library/cc787602.aspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/mailing-lists-and-feeds/"
      },
      {
        "trust": 0.1,
        "url": "http://dns.measurement-factory.com/surveys/openresolvers/asn-reports/latest.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/bv9arm.ch07.html#access_control_lists\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/bv9arm.ch03.html#id2567992\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://ss.vix.su/~vixie/isc-tn-2012-1.txt\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://openresolverproject.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/privacy/"
      },
      {
        "trust": 0.1,
        "url": "http://www.dnsinspect.com"
      },
      {
        "trust": 0.1,
        "url": "http://www.dnsinspect.com/\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/privacy/notification/"
      },
      {
        "trust": 0.1,
        "url": "http://dns.measurement-factory.com/cgi-bin/openresolverquery.pl\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://dns.measurement-factory.com"
      },
      {
        "trust": 0.1,
        "url": "http://openresolverproject.org/\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://tools.ietf.org/html/bcp38\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://dns.measurement-factory.com/cgi-bin/openresolvercheck.pl\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9294"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.1,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9295"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9293"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9296"
      },
      {
        "trust": 0.1,
        "url": "http://bugs.ntp.org/show_bug.cgi?id=1532\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:02/ntpd.patch"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/patches/sa-14:02/ntpd.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-attacks\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5211\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/connect/blogs/hackers-spend-christmas-break-launching-large-scale-ntp-reflection-attacks\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.freebsd.org/advisories/freebsd-sa-14:02.ntpd.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4332"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4332"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/2070193"
      },
      {
        "trust": 0.1,
        "url": "https://twitter.com/vmwaresrc"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/2065826"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/support/vsphere5/doc/vsphere-vcenter-server-55u1-rel"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1055"
      },
      {
        "trust": 0.1,
        "url": "https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#348126"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-000087"
      },
      {
        "db": "PACKETSTORM",
        "id": "124819"
      },
      {
        "db": "PACKETSTORM",
        "id": "121020"
      },
      {
        "db": "PACKETSTORM",
        "id": "133517"
      },
      {
        "db": "PACKETSTORM",
        "id": "124791"
      },
      {
        "db": "PACKETSTORM",
        "id": "125672"
      },
      {
        "db": "PACKETSTORM",
        "id": "125222"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-003"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5211"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#348126"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-5211"
      },
      {
        "db": "BID",
        "id": "64692"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-000087"
      },
      {
        "db": "PACKETSTORM",
        "id": "124819"
      },
      {
        "db": "PACKETSTORM",
        "id": "121020"
      },
      {
        "db": "PACKETSTORM",
        "id": "133517"
      },
      {
        "db": "PACKETSTORM",
        "id": "124791"
      },
      {
        "db": "PACKETSTORM",
        "id": "125672"
      },
      {
        "db": "PACKETSTORM",
        "id": "125222"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-003"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5211"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-01-10T00:00:00",
        "db": "CERT/CC",
        "id": "VU#348126"
      },
      {
        "date": "2014-01-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2013-5211"
      },
      {
        "date": "2013-12-30T00:00:00",
        "db": "BID",
        "id": "64692"
      },
      {
        "date": "2013-09-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-000087"
      },
      {
        "date": "2014-01-17T20:22:00",
        "db": "PACKETSTORM",
        "id": "124819"
      },
      {
        "date": "2013-03-30T17:58:25",
        "db": "PACKETSTORM",
        "id": "121020"
      },
      {
        "date": "2015-09-10T00:10:00",
        "db": "PACKETSTORM",
        "id": "133517"
      },
      {
        "date": "2014-01-15T18:23:33",
        "db": "PACKETSTORM",
        "id": "124791"
      },
      {
        "date": "2014-03-12T21:15:50",
        "db": "PACKETSTORM",
        "id": "125672"
      },
      {
        "date": "2014-02-15T00:06:15",
        "db": "PACKETSTORM",
        "id": "125222"
      },
      {
        "date": "2014-01-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201401-003"
      },
      {
        "date": "2014-01-02T14:59:00",
        "db": "NVD",
        "id": "CVE-2013-5211"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-08-26T00:00:00",
        "db": "CERT/CC",
        "id": "VU#348126"
      },
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2013-5211"
      },
      {
        "date": "2015-11-03T19:36:00",
        "db": "BID",
        "id": "64692"
      },
      {
        "date": "2014-08-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-000087"
      },
      {
        "date": "2014-01-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201401-003"
      },
      {
        "date": "2018-10-30T16:27:00",
        "db": "NVD",
        "id": "CVE-2013-5211"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-003"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NTP can be abused to amplify denial-of-service attack traffic",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#348126"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-003"
      }
    ],
    "trust": 0.6
  }
}

gsd-2013-5211

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2013-5211

Aliases

CVE-2013-5211

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-5211",
    "description": "The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.",
    "id": "GSD-2013-5211",
    "references": [
      "https://www.suse.com/security/cve/CVE-2013-5211.html",
      "https://advisories.mageia.org/CVE-2013-5211.html",
      "https://linux.oracle.com/cve/CVE-2013-5211.html",
      "https://packetstormsecurity.com/files/cve/CVE-2013-5211"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-5211"
      ],
      "details": "The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.",
      "id": "GSD-2013-5211",
      "modified": "2023-12-13T01:22:21.817914Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2013-5211",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "59288",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/59288"
          },
          {
            "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232",
            "refsource": "CONFIRM",
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
          },
          {
            "name": "openSUSE-SU-2014:1149",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "HPSBUX02960",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
          },
          {
            "name": "TA14-013A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/ncas/alerts/TA14-013A"
          },
          {
            "name": "64692",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/64692"
          },
          {
            "name": "VU#348126",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/348126"
          },
          {
            "name": "HPSBOV03505",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
          },
          {
            "name": "[oss-security] 20131230 CVE to the ntp monlist DDoS issue?",
            "refsource": "MLIST",
            "url": "http://openwall.com/lists/oss-security/2013/12/30/6"
          },
          {
            "name": "59726",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/59726"
          },
          {
            "name": "1030433",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1030433"
          },
          {
            "name": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz",
            "refsource": "CONFIRM",
            "url": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz"
          },
          {
            "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04",
            "refsource": "MISC",
            "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04"
          },
          {
            "name": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc",
            "refsource": "CONFIRM",
            "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc"
          },
          {
            "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861",
            "refsource": "CONFIRM",
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861"
          },
          {
            "name": "[pool] 20111210 Odd surge in traffic today",
            "refsource": "MLIST",
            "url": "http://lists.ntp.org/pipermail/pool/2011-December/005616.html"
          },
          {
            "name": "[oss-security] 20131230 Re: CVE to the ntp monlist DDoS issue?",
            "refsource": "MLIST",
            "url": "http://openwall.com/lists/oss-security/2013/12/30/7"
          },
          {
            "name": "SSRT101419",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
          },
          {
            "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892",
            "refsource": "CONFIRM",
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892"
          },
          {
            "name": "http://bugs.ntp.org/show_bug.cgi?id=1532",
            "refsource": "CONFIRM",
            "url": "http://bugs.ntp.org/show_bug.cgi?id=1532"
          },
          {
            "name": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory",
            "refsource": "CONFIRM",
            "url": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p22:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p15:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p21:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p13:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p18:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p20:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p19:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p12:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p14:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p24:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p25:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p11:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p17:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p16:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p23:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.2.7",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-5211"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[pool] 20111210 Odd surge in traffic today",
              "refsource": "MLIST",
              "tags": [
                "Broken Link"
              ],
              "url": "http://lists.ntp.org/pipermail/pool/2011-December/005616.html"
            },
            {
              "name": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz"
            },
            {
              "name": "http://bugs.ntp.org/show_bug.cgi?id=1532",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking"
              ],
              "url": "http://bugs.ntp.org/show_bug.cgi?id=1532"
            },
            {
              "name": "[oss-security] 20131230 Re: CVE to the ntp monlist DDoS issue?",
              "refsource": "MLIST",
              "tags": [
                "Mailing List"
              ],
              "url": "http://openwall.com/lists/oss-security/2013/12/30/7"
            },
            {
              "name": "[oss-security] 20131230 CVE to the ntp monlist DDoS issue?",
              "refsource": "MLIST",
              "tags": [
                "Mailing List"
              ],
              "url": "http://openwall.com/lists/oss-security/2013/12/30/6"
            },
            {
              "name": "TA14-013A",
              "refsource": "CERT",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/ncas/alerts/TA14-013A"
            },
            {
              "name": "HPSBUX02960",
              "refsource": "HP",
              "tags": [
                "Mailing List"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
            },
            {
              "name": "VU#348126",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/348126"
            },
            {
              "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04"
            },
            {
              "name": "1030433",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1030433"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892",
              "refsource": "CONFIRM",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892"
            },
            {
              "name": "59726",
              "refsource": "SECUNIA",
              "tags": [
                "Not Applicable"
              ],
              "url": "http://secunia.com/advisories/59726"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861",
              "refsource": "CONFIRM",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc"
            },
            {
              "name": "59288",
              "refsource": "SECUNIA",
              "tags": [
                "Not Applicable"
              ],
              "url": "http://secunia.com/advisories/59288"
            },
            {
              "name": "openSUSE-SU-2014:1149",
              "refsource": "SUSE",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html"
            },
            {
              "name": "HPSBOV03505",
              "refsource": "HP",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "64692",
              "refsource": "BID",
              "tags": [
                "Broken Link",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/64692"
            },
            {
              "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
            },
            {
              "name": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory",
              "refsource": "CONFIRM",
              "tags": [
                "Broken Link"
              ],
              "url": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-11-01T12:51Z",
      "publishedDate": "2014-01-02T14:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2013-5211

Vulnerability from cvelistv5

ghsa-2q29-vhpq-hpv3

Vulnerability from github

var-201401-0184

Vulnerability from variot

Affected packages

Description

Workaround

Resolution

References

Availability

Concerns?

License

CVSS 2.0 Base Metrics

fetch http://security.FreeBSD.org/patches/SA-14:02/ntpd.patch

fetch http://security.FreeBSD.org/patches/SA-14:02/ntpd.patch.asc

gpg --verify ntpd.patch.asc

cd /usr/src

patch < /path/to/patch

freebsd-update fetch

freebsd-update install

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

gsd-2013-5211

Vulnerability from gsd

Tags

Sightings

Nomenclature