var-201401-0184
Vulnerability from variot
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. UDP protocols such as NTP can be abused to amplify denial-of-service attack traffic. Servers running the network time protocol (NTP) based on implementations of ntpd prior to version 4.2.7p26 that use the default unrestricted query configuration are susceptible to a reflected denial-of-service (DRDoS) attack. Other proprietary NTP implementations may also be affected. Multiple broadband routers contain an issue where they may behave as open resolvers. A device that runs as a DNS cache server, which responds to any recursive DNS queries that are received is referred to as an open resolver. Multiple broadband routers may contain an issue where they may behave as open resolvers. This issue was confirmed by JPCERT/CC and IPA that it affected multiple developers and was coordinated by JPCERT/CC. In addition, Yasuhiro Orange Morishita of Japan Registry Services Co., Ltd. (JPRS) reported this vulnerability to JPCERT/CC under the Information Security Early Warning Partnership.The device may be used in a DNS amplification attack and unknowingly become a part of a DDoS attack. NTP is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the affected application to crash, denying service to legitimate users. The net-misc/ntp package contains the official reference implementation by the NTP Project.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/ntp < 4.2.6_p5-r10 >= 4.2.6_p5-r10
Description
ntpd is susceptible to a reflected Denial of Service attack. Please review the CVE identifiers and references below for details.
Workaround
We modified the default ntp configuration in =net-misc/ntp-4.2.6_p5-r10 and added "noquery" to the default restriction which disallows anyone to query the ntpd status, including "monlist".
If you use a non-default configuration, and provide a ntp service to untrusted networks, we highly recommend you to revise your configuration to disable mode 6 and 7 queries for any untrusted (public) network.
You can always enable these queries for specific trusted networks. For more details please see the "Access Control Support" chapter in the ntp.conf(5) man page.
Resolution
All NTP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.6_p5-r10"
Note that the updated package contains a modified default configuration only.
References
[ 1 ] CVE-2013-5211 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5211 [ 2 ] VU#348126 http://www.kb.cert.org/vuls/id/348126
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201401-08.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Awareness System TA13-088A: DNS Amplification Attacks
Original release date: March 29, 2013
Systems Affected
- Domain Name System (DNS) servers
Overview
A Domain Name Server (DNS) Amplification attack is a popular form of Distributed Denial of Service (DDoS) that relies on the use of publically accessible open recursive DNS servers to overwhelm a victim system with DNS response traffic.
Description
A Domain Name Server (DNS) Amplification attack is a popular form of Distributed Denial of Service (DDoS) that relies on the use of publically accessible open recursive DNS servers to overwhelm a victim system with DNS response traffic. The basic attack technique consists of an attacker sending a DNS name lookup request to an open recursive DNS server with the source address spoofed to be the victims address. When the DNS server sends the DNS record response, it is sent instead to the victim. Because the size of the response is typically considerably larger than the request, the attacker is able to amplify the volume of traffic directed at the victim. By leveraging a botnet to perform additional spoofed DNS queries, an attacker can produce an overwhelming amount of traffic with little effort. Additionally, because the responses are legitimate data coming from valid servers, it is especially difficult to block these types of attacks.
While the attacks are difficult to prevent, network operators can implement several possible mitigation strategies. The primary element in the attack that is the focus of an effective long-term solution is the detection and elimination of open recursive DNS resolvers. These systems are typically legitimate DNS servers that have been improperly configured to respond to recursive queries on behalf of any system, rather than restricting recursive responses only to requests from local or authorized clients. By identifying these systems, an organization or network operator can reduce the number of potential resources that the attacker can employ in an attack.
Impact
A misconfigured Domain Name System (DNS) server can be exploited to participate in a Distributed Denial of Service (DDoS) attack.
Solution
DETECTION
Several organizations offer free, web-based scanning tools that will search a network for vulnerable open DNS resolvers. These tools will scan entire network ranges and list the address of any identified open resolvers. The query interface allows network administrators to enter IP ranges in CIDR format [1].
The Measurement Factory http://dns.measurement-factory.com Like the Open DNS Resolver Project, the Measurement Factory maintains a list of Internet accessible DNS servers and allows administrators to search for open recursive resolvers [2]. In addition, the Measurement Factory offers a free tool to directly test an individual DNS resolver to determine if it allows open recursion. This will allow an administrator to determine if configuration changes are necessary and verify that configuration changes have been effective [3]. Finally, the site offers statistics showing the number of open resolvers detected on the various Autonomous System (AS) networks, sorted by the highest number found [4].
DNSInspect http://www.dnsinspect.com Another freely available, web-based tool for testing DNS resolvers is DNSInspect. This site is similar to The Measurement Factorys ability to test a specific resolver for vulnerability, but offers the ability to test an entire DNS Zone for several other potential configuration and security issues [5].
Indicators
In a typical recursive DNS query, a client sends a query request to a local DNS server requesting the resolution of a name or the reverse resolution of an IP address. The DNS server performs the necessary queries on behalf of the client and returns a response packet with the requested information or an error [6, page 21]. The specification does not allow for unsolicited responses. In a DNS amplification attack, the key indicator is a query response without a matching request.
MITIGATION
Unfortunately, due to the overwhelming traffic volume that can be produced by one of these attacks, there is often little that the victim can do to counter a large-scale DNS amplification-based distributed denial-of-service attack. While the only effective means of eliminating this type of attack is to eliminate open recursive resolvers, this requires a large-scale effort by numerous parties. According to the Open DNS Resolver Project, of the 27 million known DNS resolvers on the Internet, approximately 25 million pose a significant threat of being used in an attack [1]. However, several possible techniques are available to reduce the overall effectiveness of such attacks to the Internet community as a whole. Where possible, configuration links have been provided to assist administrators with making the recommended changes. The configuration information has been limited to BIND9 and Microsofts DNS Server, which are two widely deployed DNS servers. If you are running a different DNS server, please see your vendors documentation for configuration details.
Source IP Verification
Because the DNS queries being sent by the attacker-controlled clients must have a source address spoofed to appear as the victims system, the first step to reducing the effectiveness of DNS amplification is for Internet Service Providers to deny any DNS traffic with spoofed addresses. The Network Working Group of the Internet Engineering Task Force released a Best Current Practice document in May 2000 that describes how an Internet Service Provider can filter network traffic on their network to drop packets with source addresses not reachable via the actual packets path [7]. This configuration change would considerably reduce the potential for most current types of DDoS attacks.
Disabling Recursion on Authoritative Name Servers
Many of the DNS servers currently deployed on the Internet are exclusively intended to provide name resolution for a single domain. These systems do not need to support resolution of other domains on behalf of a client, and therefore should be configured with recursion disabled.
Bind9
Add the following to the global options [8]: options { allow-query-cache { none; }; recursion no; };
Microsoft DNS Server
In the Microsoft DNS console tool [9]: * Right-click the DNS server and click Properties. * Click the Advanced tab. * In Server options, select the Disable recursion check box, and then click OK.
Limiting Recursion to Authorized Clients
For DNS servers that are deployed within an organization or ISP to support name queries on behalf of a client, the resolver should be configured to only allow queries on behalf of authorized clients. These requests should typically only come from clients within the organizations network address range.
BIND9
In the global options, add the following [10]: acl corpnets { 192.168.1.0/24; 192.168.2.0/24; }; options { allow-query { corpnets; }; allow-recursion { corpnets; }; };
Microsoft DNS Server
It is not currently possible to restrict recursive DNS requests to a specific client address range in Microsoft DNS Server. The most effective means of approximating this functionality is to configure the internal DNS server to forward queries to an external DNS server and restrict DNS traffic in the firewall to restrict port 53 UDP traffic to the internal server and the external forwarder [11].
Rate Limiting Response of Recursive Name Servers
There is currently an experimental feature available as a set of patches for BIND9 that allows an administrator to restrict the number of responses per second being sent from the name server [12]. This is intended to reduce the effectiveness of DNS amplification attacks by reducing the volume of traffic coming from any single resolver.
BIND9
On BIND9 implementation running the RRL patches, add the following lines to the options block of the authoritative views [13]: rate-limit { responses-per-second 5; window 5; };
Microsoft DNS Server
This option is currently not available for Microsoft DNS Server.
References
- [1] Open DNS Resolver Project
- [2] The Measurement Factory, "List Open Resolvers on Your Network"
- [3] The Measurement Factory, "Open Resolver Test"
- [4] The Measurement Factory, "Open Resolvers for Each Autonomous System"
- [5] "DNSInspect," DNSInspect.com
- [6] RFC 1034: DOMAIN NAMES - CONCEPTS AND FACILITIES
- [7] BCP 38: Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing
- [8] Chapter 3. Name Server Configuration
- [9] Disable recursion on the DNS server
- [10] Chapter 7. BIND 9 Security Considerations
- [11] Configure a DNS Server to Use Forwarders
- [12] DNS Response Rate Limiting (DNS RRL)
- [13] Response Rate Limiting in the Domain Name System (DNS RRL)
Revision History
- March 29, 2013: Initial release
Relevant URL(s): http://openresolverproject.org/
http://dns.measurement-factory.com/cgi-bin/openresolverquery.pl
http://dns.measurement-factory.com/cgi-bin/openresolvercheck.pl
http://dns.measurement-factory.com/surveys/openresolvers/ASN-reports/latest.html
http://tools.ietf.org/html/rfc1034
http://tools.ietf.org/html/bcp38
http://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/Bv9ARM.ch03.html#id2567992
http://technet.microsoft.com/en-us/library/cc787602.aspx
http://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/Bv9ARM.ch07.html#Access_Control_Lists
http://technet.microsoft.com/en-us/library/cc754941.aspx
http://ss.vix.su/~vixie/isc-tn-2012-1.txt
http://www.redbarn.org/dns/ratelimits
Produced by US-CERT, a government organization.
This product is provided subject to this Notification: http://www.us-cert.gov/privacy/notification/
Privacy & Use policy: http://www.us-cert.gov/privacy/
This document can also be found at http://www.us-cert.gov/ncas/alerts/TA13-088A
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/mailing-lists-and-feeds/
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBUVXuq3dnhE8Qi3ZhAQIBXAf+LICtxQHGu5j7x8NAFG+tTSWrjducZ37v oWhQuSsXp9XjwAN1RdXOZRpX2Sbp5b1bVZ+FfjdPljoRVpoRksuBu5qOfzathZEP 3aRA7O0Kffuk2ofCsn8I9nWOas7bZa9gO8hGan4ORjEJLt4OWFtPW+2aWfDKY72x lcky1Ms6Z1TGkCTgJLuoUXXmGg8JQJqvRfkc7VAY4ttpJV1/DtpMIZyf2Hbr4inp ClnGYi64ukzu38kYkQ33u3oPKjYX8bwWKAZRnpQAcHO8ddswKre7Cz2Ar5tTNluY 0/nzEAx6BVAKgntp5NUJ8y55ej+RyEQiCpBAkhE8xImmxAUPJ7AiMw== =FVTl -----END PGP SIGNATURE----- .
Release Date: 2015-09-09 Last Updated: 2015-09-09
Potential Security Impact: Remote denial of service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with the TCP/IP Services for OpenVMS running NTP.
References:
CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 CVE-2013-5211 SSRT102239
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. TCP/IP Services for OpenVMS V5.7 ECO5 running NTP
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-9293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9294 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9295 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9296 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2013-5211 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following patch kits available to resolve the vulnerabilities with TCP/IP Services for OpenVMS running NTP.
Platform Patch Kit Name
Alpha IA64 V8.4 75-117-380_2015-08-24.BCK
NOTE: Please contact OpenVMS Technical Support to request these patch kits.
HISTORY Version:1 (rev.1) - 9 September 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Corrected: 2014-01-14 19:04:33 UTC (stable/10, 10.0-PRERELEASE) 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RELEASE) 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC5-p1) 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC4-p1) 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC3-p1) 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC2-p1) 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC1-p1) 2014-01-14 19:20:41 UTC (stable/9, 9.2-STABLE) 2014-01-14 19:42:28 UTC (releng/9.2, 9.2-RELEASE-p3) 2014-01-14 19:42:28 UTC (releng/9.1, 9.1-RELEASE-p10) 2014-01-14 19:20:41 UTC (stable/8, 8.4-STABLE) 2014-01-14 19:42:28 UTC (releng/8.4, 8.4-RELEASE-p7) 2014-01-14 19:42:28 UTC (releng/8.3, 8.3-RELEASE-p14) CVE Name: CVE-2013-5211
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP) used to synchronize the time of a computer system to a reference time source.
II. Problem Description
The ntpd(8) daemon supports a query 'monlist' which provides a history of recent NTP clients without any authentication.
III. Impact
An attacker can send 'monlist' queries and use that as an amplification of a reflection attack.
IV. This can be done by adding the following lines to /etc/ntp.conf:
restrict -4 default nomodify nopeer noquery notrap restrict -6 default nomodify nopeer noquery notrap restrict 127.0.0.1 restrict -6 ::1 restrict 127.127.1.0
And restart the ntpd(8) daemon. Time service is not affected and the administrator can still perform queries from local host.
2) Use IP based restrictions in ntpd(8) itself or in IP firewalls to restrict which systems can access ntpd(8).
3) Replace the base system ntpd(8) with net/ntp-devel (version 4.2.7p76 or newer)
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
fetch http://security.FreeBSD.org/patches/SA-14:02/ntpd.patch
fetch http://security.FreeBSD.org/patches/SA-14:02/ntpd.patch.asc
gpg --verify ntpd.patch.asc
b) Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
Recompile the operating system using buildworld and installworld as
described in
Restart the ntpd(8) daemon, or reboot the system.
3) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
Note that the patch would disable monitoring features of ntpd(8) daemon by default. If the feature is desirable, the administrator can choose to enable it and firewall access to ntpd(8) service.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r260641 releng/8.3/ r260647 releng/8.4/ r260647 stable/9/ r260641 releng/9.1/ r260647 releng/9.2/ r260647 stable/10/ r260639 releng/10.0/ r260641
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2014-0002 Synopsis: VMware vSphere updates to third party libraries Issue date: 2014-03-11 Updated on: 2014-03-11 (initial advisory) CVE numbers: --NTP --- CVE-2013-5211 --glibc (service console) --- CVE-2013-4332 --JRE-- See references
- Summary
VMware has updated vSphere third party libraries.
- Relevant releases
vCenter Server Appliance 5.5 prior to 5.5 Update 1
VMware vCenter Server 5.5 prior 5.5 Update 1
VMware Update Manager 5.5 prior 5.5 Update 1
VMware ESXi 5.5 without patch ESXi550-201403101-SG
- Problem Description
a. An attacker may send a forged request to a vulnerable NTP server resulting in an amplified response to the intended target of the DDoS attack.
Mitigation
Mitigation for this issue is documented in VMware Knowledge Base
article 2070193. This article also documents when vSphere
products are affected.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2013-5211 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
VCSA 5.5 Linux 5.5 Update 1
VCSA 5.1 Linux patch pending
VCSA 5.0 Linux patch pending
ESXi 5.5 ESXi ESXi550-201403101-SG
ESXi 5.1 ESXi patch pending
ESXi 5.0 ESXi patch pending
ESXi 4.1 ESXi patch pending
ESXi 4.0 ESXi patch pending
ESX 4.1 ESX patch pending
ESX 4.0 ESX patch pending
b. Update to ESXi glibc package
The ESXi glibc package is updated to version
glibc-2.5-118.el5_10.2 to resolve a security issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2013-4332 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============== ======== ======= =================
ESXi 5.5 ESXi ESXi550-201403101-SG
ESXi 5.1 ESXi patch pending
ESXi 5.0 ESXi patch pending
ESXi 4.1 ESXi no patch planned
ESXi 4.0 ESXi no patch planned
ESX 4.1 ESX not applicable
ESX 4.0 ESX not applicable
c. vCenter and Update Manager, Oracle JRE 1.7 Update 45
Oracle JRE is updated to version JRE 1.7 Update 45, which
addresses multiple security issues that existed in earlier
releases of Oracle JRE.
Oracle has documented the CVE identifiers that are addressed
in JRE 1.7.0 update 45 in the Oracle Java SE Critical Patch
Update Advisory of October 2013. The References section provides
a link to this advisory.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
vCenter Server 5.5 Any 5.5 Update 1
vCenter Server 5.1 Any not applicable **
vCenter Server 5.0 Any not applicable **
vCenter Server 4.1 Windows not applicable **
vCenter Server 4.0 Windows not applicable *
Update Manager 5.5 Windows 5.5 Update 1
Update Manager 5.1 Windows not applicable **
Update Manager 5.0 Windows not applicable **
Update Manager 4.1 Windows not applicable *
Update Manager 4.0 Windows not applicable *
ESXi any ESXi not applicable
ESX 4.1 ESX not applicable **
ESX 4.0 ESX not applicable *
* this product uses the Oracle JRE 1.5.0 family
** this product uses the Oracle JRE 1.6.0 family
- Solution
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
vCenter Server 5.5
Download link:
https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_ vsphere/5_5
Release Notes:
https://www.vmware.com/support/vsphere5/doc/vsphere-vcenter-server-55u1-rel ease-notes.html
ESXi 5.5
File: update-from-esxi5.5-5.5_update01.zip md5sum:5773844efc7d8e43135de46801d6ea25 sha1sum:6518355d260e81b562c66c5016781db9f077161f http://kb.vmware.com/kb/2065826 update-from-esxi5.5-5.5_update01 contains ESXi550-201403101-SG
- References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332
--------- jre --------- Oracle Java SE Critical Patch Update Advisory of October 2013
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
VMware Knowledge Base article 2070193 http://kb.vmware.com/kb/2070193
- Change log
2014-03-11 VMSA-2014-0002 Initial security advisory in conjunction with the release of vSphere 5.5 Update 1 on 2014-03-11
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories http://www.vmware.com/security/advisories
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
Twitter https://twitter.com/VMwareSRC
Copyright 2014 VMware Inc. All rights reserved.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.6p5-i486-5_slack14.1.txz: Rebuilt. By default, Slackware is not vulnerable since it includes "noquery" as a default restriction. However, it is vulnerable if this restriction is removed. To help mitigate this flaw, "disable monitor" has been added to the default ntp.conf (which will disable the monlist command even if other queries are allowed), and the default restrictions have been extended to IPv6 as well. All users of the NTP daemon should make sure that their ntp.conf contains "disable monitor" to prevent misuse of the NTP service. The new ntp.conf file will be installed as /etc/ntp.conf.new with a package upgrade, but the changes will need to be merged into any existing ntp.conf file by the admin. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211 http://www.kb.cert.org/vuls/id/348126 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Please do not reply to this email address
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0184",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ntp",
"scope": "eq",
"trust": 1.6,
"vendor": "ntp",
"version": "4.2.7"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "11.4"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "meinberg funkuhren",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "network time protocol",
"version": null
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple venders",
"version": null
},
{
"model": "esxi",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.0"
},
{
"model": "esxi",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.1"
},
{
"model": "esxi",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.0"
},
{
"model": "esx",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.1"
},
{
"model": "esx",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.7"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.12"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "tcp/ip services for openvms",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.7"
},
{
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.0"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.0"
},
{
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.5"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.5"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.4"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.4"
},
{
"model": "-prerelease",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.4"
},
{
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.3"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.3"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.3"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.3"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.2.1"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.2"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.2"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.2"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.1"
},
{
"model": "-release/alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.1"
},
{
"model": "-release-p5",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.1"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.1"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.0"
},
{
"model": "-release-p14",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.0"
},
{
"model": "alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.0"
},
{
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.11"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.11"
},
{
"model": "-release-p3",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.11"
},
{
"model": "-release-p20",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.11"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.11"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.10"
},
{
"model": "-release-p8",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.10"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.10"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.10"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.9"
},
{
"model": "-prerelease",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.9"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.9"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.8"
},
{
"model": "-release-p7",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.8"
},
{
"model": "-prerelease",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.8"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.8"
},
{
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.7"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.7"
},
{
"model": "-release-p17",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.7"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.7"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.7"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.6.2"
},
{
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.6"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.6"
},
{
"model": "-release-p20",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.6"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.6"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.6"
},
{
"model": "-stablepre2002-03-07",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.5"
},
{
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.5"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.5"
},
{
"model": "-release-p32",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.5"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.5"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.5"
},
{
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.4"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.4"
},
{
"model": "-release-p42",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.4"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.4"
},
{
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.3"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.3"
},
{
"model": "-release-p38",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.3"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.3"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.3"
},
{
"model": "-stablepre122300",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.2"
},
{
"model": "-stablepre050201",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.2"
},
{
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.2"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.2"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.2"
},
{
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.1.1"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.1.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.1.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.1"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.0"
},
{
"model": "alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.0"
},
{
"model": "-stablepre2001-07-20",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "3.5.1"
},
{
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "3.5.1"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "3.5.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "3.5.1"
},
{
"model": "-stablepre122300",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "3.5"
},
{
"model": "-stablepre050201",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "3.5"
},
{
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "3.5"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "3.5"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "3.4"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "3.3"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "3.2"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "3.1"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "3.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "3.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.2.8"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.2.7"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.2.6"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.2.5"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.2.4"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.2.3"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.2.2"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.2"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.1.7.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.1.7"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.1.6.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.1.6"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.1.5"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.0.5"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "1.1.5.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "1.1.5"
},
{
"model": "9.0-stable",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.0-release",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.0-rc3",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.0-rc1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "8.3-stable",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "8.2-stable",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "8.2-release-p2",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "8.2-release-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "release -p3",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "8.2-"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "8.2"
},
{
"model": "8.1-release-p5",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "8.1-release-p4",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "8.1-release",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "8.1-prerelease",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "8.1"
},
{
"model": "8.0-stable",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "8.0-release",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "7.4-stable",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "7.4-release-p2",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "-release-p3",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.4"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.4"
},
{
"model": "7.3-stable",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "7.3-release-p6",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "7.3-release-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "release p7",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.3--"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.3"
},
{
"model": "7.2-stable",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "7.2-release-p4",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "7.2-release-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "7.2-rc2",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "7.2-prerelease",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.2"
},
{
"model": "7.1-stable",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "7.1-release-p6",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "7.1-release-p5",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "7.1-release-p4",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.1"
},
{
"model": "-release-p2",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.1"
},
{
"model": "-release-p1",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.1"
},
{
"model": "-pre-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.1"
},
{
"model": "7.0-stable",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "7.0-release-p8",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "7.0-release-p3",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "7.0-release-p12",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "7.0-release-p11",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "7.0-release",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "beta4",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.0"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.0"
},
{
"model": "-release-p9",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.0"
},
{
"model": "-prerelease",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.0"
},
{
"model": "6.4-releng",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "6.4-release-p5",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "6.4-release-p4",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "6.4-release-p2",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.4"
},
{
"model": "-release-p3",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.4"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.4"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.4"
},
{
"model": "6.3-release-p11",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "6.3-release-p10",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.3"
},
{
"model": "-release-p9",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.3"
},
{
"model": "-release-p8",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.3"
},
{
"model": "-release-p6",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.3"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.3"
},
{
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.2"
},
{
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.2"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.2"
},
{
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.1"
},
{
"model": "-release-p10",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.1"
},
{
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.1"
},
{
"model": "6.0-releng",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "-release-p5",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.5"
},
{
"model": "5.4-stable",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.4"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "5.2.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "4.11"
},
{
"model": "4.10-prerelease",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.2.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "2.0.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "1.5"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "1.2"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "1.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "1.0"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "0.41"
},
{
"model": "video surveillance operations manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified contact center express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "aura system manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#348126"
},
{
"db": "BID",
"id": "64692"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000087"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-003"
},
{
"db": "NVD",
"id": "CVE-2013-5211"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5211"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dave Hart",
"sources": [
{
"db": "BID",
"id": "64692"
}
],
"trust": 0.3
},
"cve": "CVE-2013-5211",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/severity#"
},
"@id": "https://www.variotdbs.pl/ref/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-5211",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.1,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 7.8,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 4.6,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 10.0,
"id": "CVE-2013-5211",
"impactScore": 6.9,
"integrityImpact": "NONE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2013-000087",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-5211",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-5211",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2013-000087",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-003",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2013-5211",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#348126"
},
{
"db": "VULMON",
"id": "CVE-2013-5211"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000087"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-003"
},
{
"db": "NVD",
"id": "CVE-2013-5211"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. UDP protocols such as NTP can be abused to amplify denial-of-service attack traffic. Servers running the network time protocol (NTP) based on implementations of ntpd prior to version 4.2.7p26 that use the default unrestricted query configuration are susceptible to a reflected denial-of-service (DRDoS) attack. Other proprietary NTP implementations may also be affected. Multiple broadband routers contain an issue where they may behave as open resolvers. A device that runs as a DNS cache server, which responds to any recursive DNS queries that are received is referred to as an open resolver. Multiple broadband routers may contain an issue where they may behave as open resolvers. This issue was confirmed by JPCERT/CC and IPA that it affected multiple developers and was coordinated by JPCERT/CC. In addition, Yasuhiro Orange Morishita of Japan Registry Services Co., Ltd. (JPRS) reported this vulnerability to JPCERT/CC under the Information Security Early Warning Partnership.The device may be used in a DNS amplification attack and unknowingly become a part of a DDoS attack. NTP is prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause the affected application to crash, denying service to legitimate users. The net-misc/ntp package contains the official reference\nimplementation by the NTP Project. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/ntp \u003c 4.2.6_p5-r10 \u003e= 4.2.6_p5-r10\n\nDescription\n===========\n\nntpd is susceptible to a reflected Denial of Service attack. Please\nreview the CVE identifiers and references below for details. \n\nWorkaround\n==========\n\nWe modified the default ntp configuration in =net-misc/ntp-4.2.6_p5-r10\nand added \"noquery\" to the default restriction which disallows anyone\nto query the ntpd status, including \"monlist\". \n\nIf you use a non-default configuration, and provide a ntp service to\nuntrusted networks, we highly recommend you to revise your\nconfiguration to disable mode 6 and 7 queries for any untrusted\n(public) network. \n\nYou can always enable these queries for specific trusted networks. For\nmore details please see the \"Access Control Support\" chapter in the\nntp.conf(5) man page. \n\nResolution\n==========\n\nAll NTP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/ntp-4.2.6_p5-r10\"\n\nNote that the updated package contains a modified default configuration\nonly. \n\nReferences\n==========\n\n[ 1 ] CVE-2013-5211\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5211\n[ 2 ] VU#348126\n http://www.kb.cert.org/vuls/id/348126\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201401-08.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNational Cyber Awareness System\nTA13-088A: DNS Amplification Attacks\n\n\nOriginal release date: March 29, 2013\n\nSystems Affected\n\n * Domain Name System (DNS) servers\n\nOverview\n\nA Domain Name Server (DNS) Amplification attack is a popular form of\nDistributed Denial of Service (DDoS) that relies on the use of\npublically accessible open recursive DNS servers to overwhelm a victim\nsystem with DNS response traffic. \n\nDescription\n\nA Domain Name Server (DNS) Amplification attack is a popular form of\nDistributed Denial of Service (DDoS) that relies on the use of\npublically accessible open recursive DNS servers to overwhelm a victim\nsystem with DNS response traffic. The basic attack technique consists of\nan attacker sending a DNS name lookup request to an open recursive DNS\nserver with the source address spoofed to be the victims address. When\nthe DNS server sends the DNS record response, it is sent instead to the\nvictim. Because the size of the response is typically considerably\nlarger than the request, the attacker is able to amplify the volume of\ntraffic directed at the victim. By leveraging a botnet to perform\nadditional spoofed DNS queries, an attacker can produce an overwhelming\namount of traffic with little effort. Additionally, because the\nresponses are legitimate data coming from valid servers, it is\nespecially difficult to block these types of attacks. \n\nWhile the attacks are difficult to prevent, network operators can\nimplement several possible mitigation strategies. The primary element in\nthe attack that is the focus of an effective long-term solution is the\ndetection and elimination of open recursive DNS resolvers. These systems\nare typically legitimate DNS servers that have been improperly\nconfigured to respond to recursive queries on behalf of any system,\nrather than restricting recursive responses only to requests from local\nor authorized clients. By identifying these systems, an organization or\nnetwork operator can reduce the number of potential resources that the\nattacker can employ in an attack. \n\nImpact\n\nA misconfigured Domain Name System (DNS) server can be exploited to\nparticipate in a Distributed Denial of Service (DDoS) attack. \n\nSolution\n\nDETECTION\n\nSeveral organizations offer free, web-based scanning tools that will\nsearch a network for vulnerable open DNS resolvers. These tools will\nscan entire network ranges and list the address of any identified open\nresolvers. The query\ninterface allows network administrators to enter IP ranges in CIDR\nformat [1]. \n\nThe Measurement Factory\nhttp://dns.measurement-factory.com\nLike the Open DNS Resolver Project, the Measurement Factory maintains a\nlist of Internet accessible DNS servers and allows administrators to\nsearch for open recursive resolvers [2]. In addition, the Measurement\nFactory offers a free tool to directly test an individual DNS resolver\nto determine if it allows open recursion. This will allow an\nadministrator to determine if configuration changes are necessary and\nverify that configuration changes have been effective [3]. Finally, the\nsite offers statistics showing the number of open resolvers detected on\nthe various Autonomous System (AS) networks, sorted by the highest\nnumber found [4]. \n\nDNSInspect\nhttp://www.dnsinspect.com\nAnother freely available, web-based tool for testing DNS resolvers is\nDNSInspect. This site is similar to The Measurement Factorys ability to\ntest a specific resolver for vulnerability, but offers the ability to\ntest an entire DNS Zone for several other potential configuration and\nsecurity issues [5]. \n\nIndicators\n\nIn a typical recursive DNS query, a client sends a query request to a\nlocal DNS server requesting the resolution of a name or the reverse\nresolution of an IP address. The DNS server performs the necessary\nqueries on behalf of the client and returns a response packet with the\nrequested information or an error [6, page 21]. The specification does\nnot allow for unsolicited responses. In a DNS amplification attack, the\nkey indicator is a query response without a matching request. \n\nMITIGATION\n\nUnfortunately, due to the overwhelming traffic volume that can be\nproduced by one of these attacks, there is often little that the victim\ncan do to counter a large-scale DNS amplification-based distributed\ndenial-of-service attack. While the only effective means of eliminating\nthis type of attack is to eliminate open recursive resolvers, this\nrequires a large-scale effort by numerous parties. According to the Open\nDNS Resolver Project, of the 27 million known DNS resolvers on the\nInternet, approximately 25 million pose a significant threat of being\nused in an attack [1]. However, several possible techniques are\navailable to reduce the overall effectiveness of such attacks to the\nInternet community as a whole. Where possible, configuration links have\nbeen provided to assist administrators with making the recommended\nchanges. The configuration information has been limited to BIND9 and\nMicrosofts DNS Server, which are two widely deployed DNS servers. If you\nare running a different DNS server, please see your vendors\ndocumentation for configuration details. \n\nSource IP Verification\n\nBecause the DNS queries being sent by the attacker-controlled clients\nmust have a source address spoofed to appear as the victims system, the\nfirst step to reducing the effectiveness of DNS amplification is for\nInternet Service Providers to deny any DNS traffic with spoofed\naddresses. The Network Working Group of the Internet Engineering Task\nForce released a Best Current Practice document in May 2000 that\ndescribes how an Internet Service Provider can filter network traffic on\ntheir network to drop packets with source addresses not reachable via\nthe actual packets path [7]. This configuration change would\nconsiderably reduce the potential for most current types of DDoS\nattacks. \n\nDisabling Recursion on Authoritative Name Servers\n\nMany of the DNS servers currently deployed on the Internet are\nexclusively intended to provide name resolution for a single domain. \nThese systems do not need to support resolution of other domains on\nbehalf of a client, and therefore should be configured with recursion\ndisabled. \n\nBind9\n\nAdd the following to the global options [8]:\noptions {\n allow-query-cache { none; };\n recursion no;\n};\n\nMicrosoft DNS Server\n\nIn the Microsoft DNS console tool [9]: * Right-click the DNS server and\nclick Properties. \n * Click the Advanced tab. \n * In Server options, select the Disable recursion check box, and then\nclick OK. \n\nLimiting Recursion to Authorized Clients\n\nFor DNS servers that are deployed within an organization or ISP to\nsupport name queries on behalf of a client, the resolver should be\nconfigured to only allow queries on behalf of authorized clients. These\nrequests should typically only come from clients within the\norganizations network address range. \n\nBIND9\n\nIn the global options, add the following [10]:\nacl corpnets { 192.168.1.0/24; 192.168.2.0/24; };\noptions {\n allow-query { corpnets; };\n allow-recursion { corpnets; };\n};\n\nMicrosoft DNS Server\n\nIt is not currently possible to restrict recursive DNS requests to a\nspecific client address range in Microsoft DNS Server. The most\neffective means of approximating this functionality is to configure the\ninternal DNS server to forward queries to an external DNS server and\nrestrict DNS traffic in the firewall to restrict port 53 UDP traffic to\nthe internal server and the external forwarder [11]. \n\nRate Limiting Response of Recursive Name Servers\n\nThere is currently an experimental feature available as a set of patches\nfor BIND9 that allows an administrator to restrict the number of\nresponses per second being sent from the name server [12]. This is\nintended to reduce the effectiveness of DNS amplification attacks by\nreducing the volume of traffic coming from any single resolver. \n\nBIND9\n\nOn BIND9 implementation running the RRL patches, add the following lines\nto the options block of the authoritative views [13]:\nrate-limit {\n responses-per-second 5;\n window 5;\n};\n\nMicrosoft DNS Server\n\nThis option is currently not available for Microsoft DNS Server. \n\nReferences\n\n * [1] Open DNS Resolver Project\n * [2] The Measurement Factory, \"List Open Resolvers on Your Network\"\n * [3] The Measurement Factory, \"Open Resolver Test\"\n * [4] The Measurement Factory, \"Open Resolvers for Each Autonomous\nSystem\"\n * [5] \"DNSInspect,\" DNSInspect.com\n * [6] RFC 1034: DOMAIN NAMES - CONCEPTS AND FACILITIES\n * [7] BCP 38: Network Ingress Filtering: Defeating Denial of Service\nAttacks which employ IP Source Address Spoofing\n * [8] Chapter 3. Name Server Configuration\n * [9] Disable recursion on the DNS server\n * [10] Chapter 7. BIND 9 Security Considerations\n * [11] Configure a DNS Server to Use Forwarders\n * [12] DNS Response Rate Limiting (DNS RRL)\n * [13] Response Rate Limiting in the Domain Name System (DNS RRL)\n\nRevision History\n\n * March 29, 2013: Initial release\n\nRelevant URL(s):\n\u003chttp://openresolverproject.org/\u003e\n\n\u003chttp://dns.measurement-factory.com/cgi-bin/openresolverquery.pl\u003e\n\n\u003chttp://dns.measurement-factory.com/cgi-bin/openresolvercheck.pl\u003e\n\n\u003chttp://dns.measurement-factory.com/surveys/openresolvers/ASN-reports/latest.html\u003e\n\n\u003chttp://www.dnsinspect.com/\u003e\n\n\u003chttp://tools.ietf.org/html/rfc1034\u003e\n\n\u003chttp://tools.ietf.org/html/bcp38\u003e\n\n\u003chttp://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/Bv9ARM.ch03.html#id2567992\u003e\n\n\u003chttp://technet.microsoft.com/en-us/library/cc787602.aspx\u003e\n\n\u003chttp://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/Bv9ARM.ch07.html#Access_Control_Lists\u003e\n\n\u003chttp://technet.microsoft.com/en-us/library/cc754941.aspx\u003e\n\n\u003chttp://ss.vix.su/~vixie/isc-tn-2012-1.txt\u003e\n\n\u003chttp://www.redbarn.org/dns/ratelimits\u003e\n\n____________________________________________________________________\n\n Produced by US-CERT, a government organization. \n____________________________________________________________________\n\nThis product is provided subject to this Notification: \nhttp://www.us-cert.gov/privacy/notification/\n\nPrivacy \u0026 Use policy: \nhttp://www.us-cert.gov/privacy/\n\nThis document can also be found at\nhttp://www.us-cert.gov/ncas/alerts/TA13-088A\n\nFor instructions on subscribing to or unsubscribing from this \nmailing list, visit http://www.us-cert.gov/mailing-lists-and-feeds/\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBUVXuq3dnhE8Qi3ZhAQIBXAf+LICtxQHGu5j7x8NAFG+tTSWrjducZ37v\noWhQuSsXp9XjwAN1RdXOZRpX2Sbp5b1bVZ+FfjdPljoRVpoRksuBu5qOfzathZEP\n3aRA7O0Kffuk2ofCsn8I9nWOas7bZa9gO8hGan4ORjEJLt4OWFtPW+2aWfDKY72x\nlcky1Ms6Z1TGkCTgJLuoUXXmGg8JQJqvRfkc7VAY4ttpJV1/DtpMIZyf2Hbr4inp\nClnGYi64ukzu38kYkQ33u3oPKjYX8bwWKAZRnpQAcHO8ddswKre7Cz2Ar5tTNluY\n0/nzEAx6BVAKgntp5NUJ8y55ej+RyEQiCpBAkhE8xImmxAUPJ7AiMw==\n=FVTl\n-----END PGP SIGNATURE-----\n. \n\nRelease Date: 2015-09-09\nLast Updated: 2015-09-09\n\nPotential Security Impact: Remote denial of service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with the TCP/IP\nServices for OpenVMS running NTP. \n\nReferences:\n\nCVE-2014-9293\nCVE-2014-9294\nCVE-2014-9295\nCVE-2014-9296\nCVE-2013-5211\nSSRT102239\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nTCP/IP Services for OpenVMS V5.7 ECO5 running NTP\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-9293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9294 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9295 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9296 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2013-5211 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following patch kits available to resolve the vulnerabilities\nwith TCP/IP Services for OpenVMS running NTP. \n\n Platform\n Patch Kit Name\n\n Alpha IA64 V8.4\n 75-117-380_2015-08-24.BCK\n\n NOTE: Please contact OpenVMS Technical Support to request these patch kits. \n\nHISTORY\nVersion:1 (rev.1) - 9 September 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \nCorrected: 2014-01-14 19:04:33 UTC (stable/10, 10.0-PRERELEASE)\n 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RELEASE)\n 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC5-p1)\n 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC4-p1)\n 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC3-p1)\n 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC2-p1)\n 2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC1-p1)\n 2014-01-14 19:20:41 UTC (stable/9, 9.2-STABLE)\n 2014-01-14 19:42:28 UTC (releng/9.2, 9.2-RELEASE-p3)\n 2014-01-14 19:42:28 UTC (releng/9.1, 9.1-RELEASE-p10)\n 2014-01-14 19:20:41 UTC (stable/8, 8.4-STABLE)\n 2014-01-14 19:42:28 UTC (releng/8.4, 8.4-RELEASE-p7)\n 2014-01-14 19:42:28 UTC (releng/8.3, 8.3-RELEASE-p14)\nCVE Name: CVE-2013-5211\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e. Background\n\nThe ntpd(8) daemon is an implementation of the Network Time Protocol (NTP)\nused to synchronize the time of a computer system to a reference time\nsource. \n\nII. Problem Description\n\nThe ntpd(8) daemon supports a query \u0027monlist\u0027 which provides a history of\nrecent NTP clients without any authentication. \n\nIII. Impact\n\nAn attacker can send \u0027monlist\u0027 queries and use that as an amplification of\na reflection attack. \n\nIV. This can be done by adding the following\nlines to /etc/ntp.conf:\n\nrestrict -4 default nomodify nopeer noquery notrap\nrestrict -6 default nomodify nopeer noquery notrap\nrestrict 127.0.0.1\nrestrict -6 ::1\nrestrict 127.127.1.0\n\nAnd restart the ntpd(8) daemon. Time service is not affected and the\nadministrator can still perform queries from local host. \n\n2) Use IP based restrictions in ntpd(8) itself or in IP firewalls to\nrestrict which systems can access ntpd(8). \n\n3) Replace the base system ntpd(8) with net/ntp-devel (version 4.2.7p76 or\nnewer)\n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n# fetch http://security.FreeBSD.org/patches/SA-14:02/ntpd.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:02/ntpd.patch.asc\n# gpg --verify ntpd.patch.asc\n\nb) Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nRecompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:http://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart the ntpd(8) daemon, or reboot the system. \n\n3) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nNote that the patch would disable monitoring features of ntpd(8) daemon\nby default. If the feature is desirable, the administrator can choose\nto enable it and firewall access to ntpd(8) service. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r260641\nreleng/8.3/ r260647\nreleng/8.4/ r260647\nstable/9/ r260641\nreleng/9.1/ r260647\nreleng/9.2/ r260647\nstable/10/ r260639\nreleng/10.0/ r260641\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:http://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- -----------------------------------------------------------------------\nVMware Security Advisory\n\nAdvisory ID: VMSA-2014-0002\nSynopsis: VMware vSphere updates to third party libraries \nIssue date: 2014-03-11\nUpdated on: 2014-03-11 (initial advisory)\nCVE numbers: --NTP ---\n CVE-2013-5211\n --glibc (service console) ---\n CVE-2013-4332\n --JRE--\n See references\n- -----------------------------------------------------------------------\n\n1. Summary\n\n VMware has updated vSphere third party libraries. \n\n2. Relevant releases\n\n vCenter Server Appliance 5.5 prior to 5.5 Update 1 \n\n VMware vCenter Server 5.5 prior 5.5 Update 1\n\n VMware Update Manager 5.5 prior 5.5 Update 1\n\n VMware ESXi 5.5 without patch ESXi550-201403101-SG\n \n3. Problem Description\n\n a. An attacker may send a forged request to a\n vulnerable NTP server resulting in an amplified response to the\n intended target of the DDoS attack. \n \n Mitigation\n\n Mitigation for this issue is documented in VMware Knowledge Base\n article 2070193. This article also documents when vSphere \n products are affected. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2013-5211 to this issue. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware\t\tProduct\tRunning\tReplace with/\n Product\t\tVersion\ton\tApply Patch\n =============\t=======\t=======\t=================\n VCSA\t\t5.5\tLinux\t5.5 Update 1 \n VCSA\t\t5.1\tLinux\tpatch pending \n VCSA\t\t5.0\tLinux\tpatch pending \n \n ESXi\t\t5.5\tESXi\tESXi550-201403101-SG\n ESXi\t\t5.1\tESXi\tpatch pending \n ESXi\t\t5.0\tESXi\tpatch pending \n ESXi\t\t4.1\tESXi\tpatch pending \n ESXi\t\t4.0\tESXi\tpatch pending \n\t\n ESX\t\t4.1\tESX\tpatch pending \n ESX\t\t4.0\tESX\tpatch pending \n\n\n b. Update to ESXi glibc package\n\n The ESXi glibc package is updated to version\n glibc-2.5-118.el5_10.2 to resolve a security issue. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2013-4332 to this issue. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============== ======== ======= =================\n ESXi 5.5 ESXi ESXi550-201403101-SG\n ESXi 5.1 ESXi patch pending\n ESXi 5.0 ESXi patch pending \n ESXi 4.1 ESXi no patch planned\n ESXi 4.0 ESXi no patch planned\n\n ESX 4.1 ESX not applicable\n ESX 4.0 ESX not applicable\n\n c. vCenter and Update Manager, Oracle JRE 1.7 Update 45\n \n Oracle JRE is updated to version JRE 1.7 Update 45, which\n addresses multiple security issues that existed in earlier\n releases of Oracle JRE. \n\n Oracle has documented the CVE identifiers that are addressed\n in JRE 1.7.0 update 45 in the Oracle Java SE Critical Patch \n Update Advisory of October 2013. The References section provides\n a link to this advisory. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware\t Product\tRunning\tReplace with/\n Product\t Version\ton\tApply Patch\n ============= =======\t======= =================\n vCenter Server 5.5 Any 5.5 Update 1 \n vCenter Server 5.1\tAny\tnot applicable **\n vCenter Server 5.0\tAny\tnot applicable **\n vCenter Server 4.1\tWindows\tnot applicable **\n vCenter Server 4.0\tWindows\tnot applicable *\n\n Update Manager 5.5 Windows 5.5 Update 1 \n Update Manager 5.1\tWindows\tnot applicable **\n Update Manager 5.0\tWindows\tnot applicable **\n Update Manager 4.1\tWindows\tnot applicable *\n Update Manager 4.0\tWindows\tnot applicable *\n\n ESXi\t any\tESXi\tnot applicable\n\n ESX\t 4.1\tESX\tnot applicable **\n ESX\t 4.0\tESX\tnot applicable *\n \n * this product uses the Oracle JRE 1.5.0 family\n ** this product uses the Oracle JRE 1.6.0 family\n \n4. Solution\n\n Please review the patch/release notes for your product and version\n and verify the checksum of your downloaded file. \n \n vCenter Server 5.5 \n --------------------------\n Download link: \n \nhttps://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_\nvsphere/5_5\n\n Release Notes: \n \nhttps://www.vmware.com/support/vsphere5/doc/vsphere-vcenter-server-55u1-rel\nease-notes.html\n\n ESXi 5.5 \n -----------------\n File: update-from-esxi5.5-5.5_update01.zip\n md5sum:5773844efc7d8e43135de46801d6ea25\n sha1sum:6518355d260e81b562c66c5016781db9f077161f\n http://kb.vmware.com/kb/2065826\n update-from-esxi5.5-5.5_update01 contains ESXi550-201403101-SG\n\n5. References\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332\n\n --------- jre --------- \n Oracle Java SE Critical Patch Update Advisory of October 2013\n \nhttp://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html\n\n VMware Knowledge Base article 2070193\n http://kb.vmware.com/kb/2070193 \n\n- -----------------------------------------------------------------------\n\n6. Change log\n\n 2014-03-11 VMSA-2014-0002\n Initial security advisory in conjunction with the release of\n vSphere 5.5 Update 1 on 2014-03-11\n\n- -----------------------------------------------------------------------\n\n7. Contact\n\n E-mail list for product security notifications and announcements:\n http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n This Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\n E-mail: security at vmware.com\n PGP key at: http://kb.vmware.com/kb/1055\n\n VMware Security Advisories\n http://www.vmware.com/security/advisories\n\n VMware security response policy\n http://www.vmware.com/support/policies/security_response.html\n\n General support life cycle policy\n http://www.vmware.com/support/policies/eos.html\n\n Twitter\n https://twitter.com/VMwareSRC\n\nCopyright 2014 VMware Inc. All rights reserved. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.6p5-i486-5_slack14.1.txz: Rebuilt. By default, Slackware is not vulnerable\n since it includes \"noquery\" as a default restriction. However, it is\n vulnerable if this restriction is removed. To help mitigate this flaw,\n \"disable monitor\" has been added to the default ntp.conf (which will disable\n the monlist command even if other queries are allowed), and the default\n restrictions have been extended to IPv6 as well. \n All users of the NTP daemon should make sure that their ntp.conf contains\n \"disable monitor\" to prevent misuse of the NTP service. The new ntp.conf\n file will be installed as /etc/ntp.conf.new with a package upgrade, but the\n changes will need to be merged into any existing ntp.conf file by the admin. \n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211\n http://www.kb.cert.org/vuls/id/348126\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. Please do not reply to this email address",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5211"
},
{
"db": "CERT/CC",
"id": "VU#348126"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000087"
},
{
"db": "BID",
"id": "64692"
},
{
"db": "VULMON",
"id": "CVE-2013-5211"
},
{
"db": "PACKETSTORM",
"id": "124819"
},
{
"db": "PACKETSTORM",
"id": "121020"
},
{
"db": "PACKETSTORM",
"id": "133517"
},
{
"db": "PACKETSTORM",
"id": "124791"
},
{
"db": "PACKETSTORM",
"id": "125672"
},
{
"db": "PACKETSTORM",
"id": "125222"
}
],
"trust": 3.24
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=33073",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2013-5211"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-5211",
"trust": 3.3
},
{
"db": "CERT/CC",
"id": "VU#348126",
"trust": 2.0
},
{
"db": "USCERT",
"id": "TA13-088A",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2013/12/30/6",
"trust": 1.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2013/12/30/7",
"trust": 1.6
},
{
"db": "BID",
"id": "64692",
"trust": 1.3
},
{
"db": "USCERT",
"id": "TA14-013A",
"trust": 1.0
},
{
"db": "SECUNIA",
"id": "59288",
"trust": 1.0
},
{
"db": "SECUNIA",
"id": "59726",
"trust": 1.0
},
{
"db": "ICS CERT",
"id": "ICSA-14-051-04",
"trust": 1.0
},
{
"db": "SECTRACK",
"id": "1030433",
"trust": 1.0
},
{
"db": "USCERT",
"id": "TA14-017A",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVN62507275",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000087",
"trust": 0.8
},
{
"db": "MLIST",
"id": "[POOL] 20111210 ODD SURGE IN TRAFFIC TODAY",
"trust": 0.6
},
{
"db": "MLIST",
"id": "[OSS-SECURITY] 20131230 CVE TO THE NTP MONLIST DDOS ISSUE?",
"trust": 0.6
},
{
"db": "MLIST",
"id": "[OSS-SECURITY] 20131230 RE: CVE TO THE NTP MONLIST DDOS ISSUE?",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201401-003",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2013-5211",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124819",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "121020",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133517",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124791",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125672",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125222",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#348126"
},
{
"db": "VULMON",
"id": "CVE-2013-5211"
},
{
"db": "BID",
"id": "64692"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000087"
},
{
"db": "PACKETSTORM",
"id": "124819"
},
{
"db": "PACKETSTORM",
"id": "121020"
},
{
"db": "PACKETSTORM",
"id": "133517"
},
{
"db": "PACKETSTORM",
"id": "124791"
},
{
"db": "PACKETSTORM",
"id": "125672"
},
{
"db": "PACKETSTORM",
"id": "125222"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-003"
},
{
"db": "NVD",
"id": "CVE-2013-5211"
}
]
},
"id": "VAR-201401-0184",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2022-05-29T21:44:11.663000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Information from BAFFARO",
"trust": 0.8,
"url": "http://buffalo.jp/support_s/20140802.html"
},
{
"title": "Problem that simple DNS feature to function as an open resolver",
"trust": 0.8,
"url": "http://www.furukawa.co.jp/fitelnet/topic/vulnera_20130919.html"
},
{
"title": "Internet Initiative Japan Inc. website",
"trust": 0.8,
"url": "http://www.seil.jp/support/security/a01311.html"
},
{
"title": "Information from NEC Corporation",
"trust": 0.8,
"url": "https://jvn.jp/en/jp/jvn62507275/6443/index.html"
},
{
"title": "Information from YMIRLINK Inc.",
"trust": 0.8,
"url": "https://jvn.jp/en/jp/jvn62507275/99095/index.html"
},
{
"title": "Yamaha Corporation website ",
"trust": 0.8,
"url": "http://www.rtpro.yamaha.co.jp/rt/faq/security/open-resolver.html"
},
{
"title": "ntp-dev-4.2.7p26",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=47338"
},
{
"title": "Debian CVElist Bug Report Logs: ntp: CVE-2013-5211",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=dda61db597837c3242ded3bd021b6d4b"
},
{
"title": "VMware Security Advisories: VMware vSphere updates to third party libraries",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=6bde2d67d2248ed25dc9005046e3affa"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=0bd8c924b56aac98dda0f5b45f425f38"
},
{
"title": "ntpscanner",
"trust": 0.1,
"url": "https://github.com/dani87/ntpscanner "
},
{
"title": "ntpscanner",
"trust": 0.1,
"url": "https://github.com/suedadam/ntpscanner "
},
{
"title": "docker-cluster",
"trust": 0.1,
"url": "https://github.com/xubyxiaobao/docker-cluster "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2013-5211"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000087"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-003"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-000087"
},
{
"db": "NVD",
"id": "CVE-2013-5211"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://bugs.ntp.org/show_bug.cgi?id=1532"
},
{
"trust": 1.7,
"url": "http://www.us-cert.gov/ncas/alerts/ta13-088a"
},
{
"trust": 1.6,
"url": "http://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-1401-ntp-monlist-network-traffic-amplification-attacks.htm"
},
{
"trust": 1.6,
"url": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz"
},
{
"trust": 1.6,
"url": "http://openwall.com/lists/oss-security/2013/12/30/7"
},
{
"trust": 1.6,
"url": "http://openwall.com/lists/oss-security/2013/12/30/6"
},
{
"trust": 1.6,
"url": "http://lists.ntp.org/pipermail/pool/2011-december/005616.html"
},
{
"trust": 1.2,
"url": "http://www.kb.cert.org/vuls/id/348126"
},
{
"trust": 1.0,
"url": "http://www.us-cert.gov/ncas/alerts/ta14-013a"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
},
{
"trust": 1.0,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-051-04"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id/1030433"
},
{
"trust": 1.0,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095892"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/59726"
},
{
"trust": 1.0,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095861"
},
{
"trust": 1.0,
"url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/59288"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/64692"
},
{
"trust": 1.0,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04790232"
},
{
"trust": 1.0,
"url": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/406.html"
},
{
"trust": 0.8,
"url": "http://www.nwtime.org/"
},
{
"trust": 0.8,
"url": "http://ntp.org"
},
{
"trust": 0.8,
"url": "http://www.cisco.com/en/us/products/ps9494/products_sub_category_home.html"
},
{
"trust": 0.8,
"url": "http://www.prolexic.com/knowledge-center-white-paper-series-snmp-ntp-chargen-reflection-attacks-drdos-ddos.html"
},
{
"trust": 0.8,
"url": "http://christian-rossow.de/articles/amplification_ddos.php"
},
{
"trust": 0.8,
"url": "https://community.rapid7.com/community/metasploit/blog/2014/08/25/r7-2014-12-more-amplification-vulnerabilities-in-ntp-allow-even-more-drdos-attacks"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2013/at130022.html"
},
{
"trust": 0.8,
"url": "https://www.nic.ad.jp/ja/dns/openresolver/"
},
{
"trust": 0.8,
"url": "http://jprs.jp/important/2013/130418.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/en/jp/jvn62507275/"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/ncas/alerts/ta14-017a"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5211"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5211"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5211"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201401-08.xml"
},
{
"trust": 0.1,
"url": "http://www.enigmail.net/"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://tools.ietf.org/html/rfc1034\u003e"
},
{
"trust": 0.1,
"url": "http://www.redbarn.org/dns/ratelimits\u003e"
},
{
"trust": 0.1,
"url": "http://technet.microsoft.com/en-us/library/cc754941.aspx\u003e"
},
{
"trust": 0.1,
"url": "http://technet.microsoft.com/en-us/library/cc787602.aspx\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/mailing-lists-and-feeds/"
},
{
"trust": 0.1,
"url": "http://dns.measurement-factory.com/surveys/openresolvers/asn-reports/latest.html\u003e"
},
{
"trust": 0.1,
"url": "http://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/bv9arm.ch07.html#access_control_lists\u003e"
},
{
"trust": 0.1,
"url": "http://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/bv9arm.ch03.html#id2567992\u003e"
},
{
"trust": 0.1,
"url": "http://ss.vix.su/~vixie/isc-tn-2012-1.txt\u003e"
},
{
"trust": 0.1,
"url": "http://openresolverproject.org"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/privacy/"
},
{
"trust": 0.1,
"url": "http://www.dnsinspect.com"
},
{
"trust": 0.1,
"url": "http://www.dnsinspect.com/\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/privacy/notification/"
},
{
"trust": 0.1,
"url": "http://dns.measurement-factory.com/cgi-bin/openresolverquery.pl\u003e"
},
{
"trust": 0.1,
"url": "http://dns.measurement-factory.com"
},
{
"trust": 0.1,
"url": "http://openresolverproject.org/\u003e"
},
{
"trust": 0.1,
"url": "http://tools.ietf.org/html/bcp38\u003e"
},
{
"trust": 0.1,
"url": "http://dns.measurement-factory.com/cgi-bin/openresolvercheck.pl\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9294"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9295"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9296"
},
{
"trust": 0.1,
"url": "http://bugs.ntp.org/show_bug.cgi?id=1532\u003e"
},
{
"trust": 0.1,
"url": "http://www.freebsd.org/handbook/makeworld.html\u003e."
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-14:02/ntpd.patch"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-14:02/ntpd.patch.asc"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/\u003e."
},
{
"trust": 0.1,
"url": "https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-attacks\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5211\u003e"
},
{
"trust": 0.1,
"url": "http://www.symantec.com/connect/blogs/hackers-spend-christmas-break-launching-large-scale-ntp-reflection-attacks\u003e"
},
{
"trust": 0.1,
"url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/advisories/freebsd-sa-14:02.ntpd.asc\u003e"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4332"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4332"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/2070193"
},
{
"trust": 0.1,
"url": "https://twitter.com/vmwaresrc"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/2065826"
},
{
"trust": 0.1,
"url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
},
{
"trust": 0.1,
"url": "https://www.vmware.com/support/vsphere5/doc/vsphere-vcenter-server-55u1-rel"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/security_response.html"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1055"
},
{
"trust": 0.1,
"url": "https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos.html"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#348126"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000087"
},
{
"db": "PACKETSTORM",
"id": "124819"
},
{
"db": "PACKETSTORM",
"id": "121020"
},
{
"db": "PACKETSTORM",
"id": "133517"
},
{
"db": "PACKETSTORM",
"id": "124791"
},
{
"db": "PACKETSTORM",
"id": "125672"
},
{
"db": "PACKETSTORM",
"id": "125222"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-003"
},
{
"db": "NVD",
"id": "CVE-2013-5211"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#348126"
},
{
"db": "VULMON",
"id": "CVE-2013-5211"
},
{
"db": "BID",
"id": "64692"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000087"
},
{
"db": "PACKETSTORM",
"id": "124819"
},
{
"db": "PACKETSTORM",
"id": "121020"
},
{
"db": "PACKETSTORM",
"id": "133517"
},
{
"db": "PACKETSTORM",
"id": "124791"
},
{
"db": "PACKETSTORM",
"id": "125672"
},
{
"db": "PACKETSTORM",
"id": "125222"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-003"
},
{
"db": "NVD",
"id": "CVE-2013-5211"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-10T00:00:00",
"db": "CERT/CC",
"id": "VU#348126"
},
{
"date": "2014-01-02T00:00:00",
"db": "VULMON",
"id": "CVE-2013-5211"
},
{
"date": "2013-12-30T00:00:00",
"db": "BID",
"id": "64692"
},
{
"date": "2013-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-000087"
},
{
"date": "2014-01-17T20:22:00",
"db": "PACKETSTORM",
"id": "124819"
},
{
"date": "2013-03-30T17:58:25",
"db": "PACKETSTORM",
"id": "121020"
},
{
"date": "2015-09-10T00:10:00",
"db": "PACKETSTORM",
"id": "133517"
},
{
"date": "2014-01-15T18:23:33",
"db": "PACKETSTORM",
"id": "124791"
},
{
"date": "2014-03-12T21:15:50",
"db": "PACKETSTORM",
"id": "125672"
},
{
"date": "2014-02-15T00:06:15",
"db": "PACKETSTORM",
"id": "125222"
},
{
"date": "2014-01-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-003"
},
{
"date": "2014-01-02T14:59:00",
"db": "NVD",
"id": "CVE-2013-5211"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-26T00:00:00",
"db": "CERT/CC",
"id": "VU#348126"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULMON",
"id": "CVE-2013-5211"
},
{
"date": "2015-11-03T19:36:00",
"db": "BID",
"id": "64692"
},
{
"date": "2014-08-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-000087"
},
{
"date": "2014-01-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-003"
},
{
"date": "2018-10-30T16:27:00",
"db": "NVD",
"id": "CVE-2013-5211"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-003"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NTP can be abused to amplify denial-of-service attack traffic",
"sources": [
{
"db": "CERT/CC",
"id": "VU#348126"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-003"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.