var-201701-1138
Vulnerability from variot

An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled. The NTP.org reference implementation of ntpd contains multiple vulnerabilities. NTP is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Versions prior to NTP 4.2.8p7 and 4.3.x versions prior to 4.3.92 are vulnerable. ========================================================================== Ubuntu Security Notice USN-3096-1 October 05, 2016

ntp vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in NTP. A remote attacker could use this issue to perform a replay attack. (CVE-2015-7973)

Matt Street discovered that NTP incorrectly verified peer associations of symmetric keys. A remote attacker could use this issue to perform an impersonation attack. (CVE-2015-7974)

Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled memory. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-7975)

Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled dangerous characters in filenames. An attacker could possibly use this issue to overwrite arbitrary files. (CVE-2015-7976)

Stephen Gray discovered that NTP incorrectly handled large restrict lists. (CVE-2015-7977, CVE-2015-7978)

Aanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. (CVE-2015-7979)

Jonathan Gardner discovered that NTP incorrectly handled origin timestamp checks. A remote attacker could use this issue to spoof peer servers. (CVE-2015-8138)

Jonathan Gardner discovered that the NTP ntpq utility did not properly handle certain incorrect values. (CVE-2015-8158)

It was discovered that the NTP cronjob incorrectly cleaned up the statistics directory. A local attacker could possibly use this to escalate privileges. (CVE-2016-0727)

Stephen Gray and Matthew Van Gundy discovered that NTP incorrectly validated crypto-NAKs. A remote attacker could possibly use this issue to prevent clients from synchronizing. A remote attacker could possibly use this issue to prevent clients from synchronizing. (CVE-2016-1548)

Matthew Van Gundy, Stephen Gray and Loganaden Velvindron discovered that NTP incorrectly handled message authentication. (CVE-2016-1550)

Yihan Lian discovered that NTP incorrectly handled duplicate IPs on unconfig directives. (CVE-2016-4956)

In the default installation, attackers would be isolated by the NTP AppArmor profile.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS: ntp 1:4.2.8p4+dfsg-3ubuntu5.3

Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10

Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.11

In general, a standard system update will make all the necessary changes. 6.7) - i386, noarch, ppc64, s390x, x86_64


Gentoo Linux Security Advisory GLSA 201607-15


                                       https://security.gentoo.org/

Severity: Normal Title: NTP: Multiple vulnerabilities Date: July 20, 2016 Bugs: #563774, #572452, #581528, #584954 ID: 201607-15


Synopsis

Multiple vulnerabilities have been found in NTP, the worst of which could lead to Denial of Service.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-misc/ntp < 4.2.8_p8 >= 4.2.8_p8

Description

Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All NTP users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8_p8"

References

[ 1 ] CVE-2015-7691 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691 [ 2 ] CVE-2015-7692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692 [ 3 ] CVE-2015-7701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701 [ 4 ] CVE-2015-7702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702 [ 5 ] CVE-2015-7703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703 [ 6 ] CVE-2015-7704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704 [ 7 ] CVE-2015-7705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705 [ 8 ] CVE-2015-7848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848 [ 9 ] CVE-2015-7849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849 [ 10 ] CVE-2015-7850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850 [ 11 ] CVE-2015-7851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851 [ 12 ] CVE-2015-7852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852 [ 13 ] CVE-2015-7853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853 [ 14 ] CVE-2015-7854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854 [ 15 ] CVE-2015-7855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855 [ 16 ] CVE-2015-7871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871 [ 17 ] CVE-2015-7973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973 [ 18 ] CVE-2015-7974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974 [ 19 ] CVE-2015-7975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975 [ 20 ] CVE-2015-7976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976 [ 21 ] CVE-2015-7977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977 [ 22 ] CVE-2015-7978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978 [ 23 ] CVE-2015-7979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979 [ 24 ] CVE-2015-8138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138 [ 25 ] CVE-2015-8139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139 [ 26 ] CVE-2015-8140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140 [ 27 ] CVE-2015-8158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158 [ 28 ] CVE-2016-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547 [ 29 ] CVE-2016-1548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548 [ 30 ] CVE-2016-1549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549 [ 31 ] CVE-2016-1550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550 [ 32 ] CVE-2016-1551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551 [ 33 ] CVE-2016-2516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516 [ 34 ] CVE-2016-2517 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517 [ 35 ] CVE-2016-2518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518 [ 36 ] CVE-2016-2519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519 [ 37 ] CVE-2016-4953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953 [ 38 ] CVE-2016-4954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954 [ 39 ] CVE-2016-4955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955 [ 40 ] CVE-2016-4956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956 [ 41 ] CVE-2016-4957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201607-15

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: ntp security update Advisory ID: RHSA-2016:1141-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2016:1141 Issue date: 2016-05-31 CVE Names: CVE-2015-7979 CVE-2016-1547 CVE-2016-1548 CVE-2016-1550 CVE-2016-2518 =====================================================================

  1. Summary:

An update for ntp is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

  1. Description:

The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.

Security Fix(es):

  • It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time. (CVE-2015-7979)

  • A denial of service flaw was found in the way NTP handled preemptable client associations. (CVE-2016-1547)

  • It was found that an ntpd client could be forced to change from basic client/server mode to the interleaved symmetric mode. (CVE-2016-1548)

  • A flaw was found in the way NTP's libntp performed message authentication. An attacker able to observe the timing of the comparison function used in packet authentication could potentially use this flaw to recover the message digest. (CVE-2016-1550)

  • An out-of-bounds access flaw was found in the way ntpd processed certain packets. An authenticated attacker could use a crafted packet to create a peer association with hmode of 7 and larger, which could potentially (although highly unlikely) cause ntpd to crash. (CVE-2016-2518)

The CVE-2016-1548 issue was discovered by Miroslav Lichvar (Red Hat).

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1300271 - CVE-2015-7979 ntp: off-path denial of service on authenticated broadcast mode 1331461 - CVE-2016-1547 ntp: crypto-NAK preemptable association denial of service 1331462 - CVE-2016-1548 ntp: ntpd switching to interleaved mode with spoofed packets 1331464 - CVE-2016-1550 ntp: libntp message digest disclosure 1331468 - CVE-2016-2518 ntp: out-of-bounds references on crafted packet

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: ntp-4.2.6p5-10.el6.1.src.rpm

i386: ntp-4.2.6p5-10.el6.1.i686.rpm ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm ntpdate-4.2.6p5-10.el6.1.i686.rpm

x86_64: ntp-4.2.6p5-10.el6.1.x86_64.rpm ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntpdate-4.2.6p5-10.el6.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm ntp-perl-4.2.6p5-10.el6.1.i686.rpm

noarch: ntp-doc-4.2.6p5-10.el6.1.noarch.rpm

x86_64: ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntp-perl-4.2.6p5-10.el6.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: ntp-4.2.6p5-10.el6.1.src.rpm

x86_64: ntp-4.2.6p5-10.el6.1.x86_64.rpm ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntpdate-4.2.6p5-10.el6.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

noarch: ntp-doc-4.2.6p5-10.el6.1.noarch.rpm

x86_64: ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntp-perl-4.2.6p5-10.el6.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: ntp-4.2.6p5-10.el6.1.src.rpm

i386: ntp-4.2.6p5-10.el6.1.i686.rpm ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm ntpdate-4.2.6p5-10.el6.1.i686.rpm

ppc64: ntp-4.2.6p5-10.el6.1.ppc64.rpm ntp-debuginfo-4.2.6p5-10.el6.1.ppc64.rpm ntpdate-4.2.6p5-10.el6.1.ppc64.rpm

s390x: ntp-4.2.6p5-10.el6.1.s390x.rpm ntp-debuginfo-4.2.6p5-10.el6.1.s390x.rpm ntpdate-4.2.6p5-10.el6.1.s390x.rpm

x86_64: ntp-4.2.6p5-10.el6.1.x86_64.rpm ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntpdate-4.2.6p5-10.el6.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm ntp-perl-4.2.6p5-10.el6.1.i686.rpm

noarch: ntp-doc-4.2.6p5-10.el6.1.noarch.rpm

ppc64: ntp-debuginfo-4.2.6p5-10.el6.1.ppc64.rpm ntp-perl-4.2.6p5-10.el6.1.ppc64.rpm

s390x: ntp-debuginfo-4.2.6p5-10.el6.1.s390x.rpm ntp-perl-4.2.6p5-10.el6.1.s390x.rpm

x86_64: ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntp-perl-4.2.6p5-10.el6.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: ntp-4.2.6p5-10.el6.1.src.rpm

i386: ntp-4.2.6p5-10.el6.1.i686.rpm ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm ntpdate-4.2.6p5-10.el6.1.i686.rpm

x86_64: ntp-4.2.6p5-10.el6.1.x86_64.rpm ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntpdate-4.2.6p5-10.el6.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: ntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm ntp-perl-4.2.6p5-10.el6.1.i686.rpm

noarch: ntp-doc-4.2.6p5-10.el6.1.noarch.rpm

x86_64: ntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm ntp-perl-4.2.6p5-10.el6.1.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: ntp-4.2.6p5-22.el7_2.2.src.rpm

x86_64: ntp-4.2.6p5-22.el7_2.2.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm ntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch: ntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm ntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm

x86_64: ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm sntp-4.2.6p5-22.el7_2.2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: ntp-4.2.6p5-22.el7_2.2.src.rpm

x86_64: ntp-4.2.6p5-22.el7_2.2.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm ntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch: ntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm ntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm

x86_64: ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm sntp-4.2.6p5-22.el7_2.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: ntp-4.2.6p5-22.el7_2.2.src.rpm

ppc64: ntp-4.2.6p5-22.el7_2.2.ppc64.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64.rpm ntpdate-4.2.6p5-22.el7_2.2.ppc64.rpm

ppc64le: ntp-4.2.6p5-22.el7_2.2.ppc64le.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64le.rpm ntpdate-4.2.6p5-22.el7_2.2.ppc64le.rpm

s390x: ntp-4.2.6p5-22.el7_2.2.s390x.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.s390x.rpm ntpdate-4.2.6p5-22.el7_2.2.s390x.rpm

x86_64: ntp-4.2.6p5-22.el7_2.2.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm ntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch: ntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm ntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm

ppc64: ntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64.rpm sntp-4.2.6p5-22.el7_2.2.ppc64.rpm

ppc64le: ntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64le.rpm sntp-4.2.6p5-22.el7_2.2.ppc64le.rpm

s390x: ntp-debuginfo-4.2.6p5-22.el7_2.2.s390x.rpm sntp-4.2.6p5-22.el7_2.2.s390x.rpm

x86_64: ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm sntp-4.2.6p5-22.el7_2.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: ntp-4.2.6p5-22.el7_2.2.src.rpm

x86_64: ntp-4.2.6p5-22.el7_2.2.x86_64.rpm ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm ntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch: ntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm ntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm

x86_64: ntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm sntp-4.2.6p5-22.el7_2.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2015-7979 https://access.redhat.com/security/cve/CVE-2016-1547 https://access.redhat.com/security/cve/CVE-2016-1548 https://access.redhat.com/security/cve/CVE-2016-1550 https://access.redhat.com/security/cve/CVE-2016-2518 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFXTUp2XlSAg2UNWIIRAqUmAKC32P98McZUqU1gzWxBbCz0hn0eagCfRtrx SULnKXrtTJd5iJ6eQVtDnxA= =hETy -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz: Upgraded. This release patches several low and medium severity security issues: CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering CVE-2016-1549: Sybil vulnerability: ephemeral association attack, AKA: ntp-sybil - MITIGATION ONLY CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion botch CVE-2016-2517: Remote configuration trustedkey/requestkey values are not properly validated CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC CVE-2016-2519: ctl_getitem() return value not always checked CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos CVE-2016-1548: Interleave-pivot - MITIGATION ONLY CVE-2015-7704: KoD fix: peer associations were broken by the fix for NtpBug2901, AKA: Symmetric active/passive mode is broken CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks CVE-2016-1550: Improve NTP security against buffer comparison timing attacks, authdecrypt-timing, AKA: authdecrypt-timing For more information, see: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519 ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p7-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p7-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p7-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p7-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.1.txz

Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p7-i586-1.txz

Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p7-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 package: 785dc2ef5f80edb28dc781e261c3fe3f ntp-4.2.8p7-i486-1_slack13.0.txz

Slackware x86_64 13.0 package: 899421096b7b63e6cb269f8b01dfd875 ntp-4.2.8p7-x86_64-1_slack13.0.txz

Slackware 13.1 package: dfd34cbd31be3572a2bcae7f59cdfd91 ntp-4.2.8p7-i486-1_slack13.1.txz

Slackware x86_64 13.1 package: 63c4b31736040e7950361cd0d7081c8b ntp-4.2.8p7-x86_64-1_slack13.1.txz

Slackware 13.37 package: e760ae0c6cc3fa933e4d65d6995b0c84 ntp-4.2.8p7-i486-1_slack13.37.txz

Slackware x86_64 13.37 package: aa448523b27bb4fcccc2f46cf4d72bc5 ntp-4.2.8p7-x86_64-1_slack13.37.txz

Slackware 14.0 package: 3bc7e54a4164a4f91be996b5cf2e643e ntp-4.2.8p7-i486-1_slack14.0.txz

Slackware x86_64 14.0 package: 0f6ea4dae476709f26f5d0e33378576c ntp-4.2.8p7-x86_64-1_slack14.0.txz

Slackware 14.1 package: dbe827ee7ece6ce5ca083cdd5960162c ntp-4.2.8p7-i486-1_slack14.1.txz

Slackware x86_64 14.1 package: 89f3edf183a6a9847d69b8349f98c901 ntp-4.2.8p7-x86_64-1_slack14.1.txz

Slackware -current package: 4018b86edd15e40e8c5e9f50d907dcff n/ntp-4.2.8p7-i586-1.txz

Slackware x86_64 -current package: 7dd6b64ba8c9fdaebb7becc1f5c3963d n/ntp-4.2.8p7-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the package as root:

upgradepkg ntp-4.2.8p7-i486-1_slack14.1.txz

Then, restart the NTP daemon:

sh /etc/rc.d/rc.ntpd restart

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address.

CVE-2015-7977 / CVE-2015-7978

Stephen Gray discovered that a NULL pointer dereference and a
buffer overflow in the handling of "ntpdc reslist" commands may
result in denial of service.

CVE-2016-2518

Yihan Lian discovered that an OOB memory access could potentially
crash ntpd.

For the stable distribution (jessie), these problems have been fixed in version 1:4.2.6.p5+dfsg-7+deb8u2.

For the testing distribution (stretch), these problems have been fixed in version 1:4.2.8p7+dfsg-1.

For the unstable distribution (sid), these problems have been fixed in version 1:4.2.8p7+dfsg-1.

We recommend that you upgrade your ntp packages

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201701-1138",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ntp",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ntp",
        "version": "4.2.8"
      },
      {
        "model": "ntp",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ntp",
        "version": "4.2.8"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "ntp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "ntp",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "ntp",
        "version": "4.2.8p4  and earlier"
      },
      {
        "model": "ntp",
        "scope": null,
        "trust": 0.8,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "physical access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ntp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.3.77"
      },
      {
        "model": "security access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "dcm series 9900-digital content manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "application policy infrastructure controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.9"
      },
      {
        "model": "ntp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.3.25"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.6"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.4"
      },
      {
        "model": "network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.50"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "security access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1.0"
      },
      {
        "model": "4.2.8p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.20"
      },
      {
        "model": "prime infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "security network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.4"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1.0"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise content delivery system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "identity services engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.1"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.4"
      },
      {
        "model": "4.2.8p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.7"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.18"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.1"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "telepresence ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.16"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.13"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.0"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3400"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "4.2.7p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.7"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "p153",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.2.5"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "video delivery system recorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "small business series wireless access points",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3210"
      },
      {
        "model": "p7-rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.2.4"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.0(2)"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "p150",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.2.5"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.4"
      },
      {
        "model": "4.2.5p186",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.8"
      },
      {
        "model": "network device security assessment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "prime license manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "asa cx and cisco prime security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "visual quality experience server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "digital media manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.3"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.4.0"
      },
      {
        "model": "4.2.5p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.2"
      },
      {
        "model": "prime collaboration assurance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "standalone rack server cimc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "telepresence conductor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.19"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "security access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.8"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "prime infrastructure standalone plug and play gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unity express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "content security appliance updater servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ntp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.3.70"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.5"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.2"
      },
      {
        "model": "p8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.2.4"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8.1.0"
      },
      {
        "model": "4.2.8p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0"
      },
      {
        "model": "telepresence exchange system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "4.2.8p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8.2.0"
      },
      {
        "model": "prime access registrar appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "scos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.9.0"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "4.2.7p111",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "meetingplace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security privileged identity manager fixpack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.28"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.6"
      },
      {
        "model": "support central",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.3"
      },
      {
        "model": "ntp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.2.6"
      },
      {
        "model": "small business series wireless access points",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "virtual security gateway for microsoft hyper-v",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified computing system e-series blade server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "enterprise linux hpc node eus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "clean access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ntp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.3.92"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2.3"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.11"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.10"
      },
      {
        "model": "p74",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.2.5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0"
      },
      {
        "model": "p4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.2.2"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "common services platform collector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8.4.0"
      },
      {
        "model": "prime service catalog virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.26"
      },
      {
        "model": "4.2.8p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.17"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.15"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.12"
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.80"
      },
      {
        "model": "prime access registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "wap371 wireless access point",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "media experience engines",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "intrusion prevention system solutions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "access registrar appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "p1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.2.2"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.14"
      },
      {
        "model": "edge digital media player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3000"
      },
      {
        "model": "ntp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.3.90"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8.5.0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "videoscape control suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.4"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.9"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.3"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "management heartbeat server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "series ip phones vpn feature",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800-0"
      },
      {
        "model": "mediasense",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "lotus protector for mail security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.8.1.0"
      },
      {
        "model": "small business series wireless access points",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1210"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "industrial router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9100"
      },
      {
        "model": "p6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.2.4"
      },
      {
        "model": "ucs central",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8.3.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "visual quality experience tools server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "4.2.8p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.4"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "video distribution suite for internet streaming",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "4.2.8p7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "4.2.7p366",
        "scope": null,
        "trust": 0.3,
        "vendor": "ntp",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "im and presence service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "connected grid routers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "smartcloud entry appliance fi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0.4"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "security network protection",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.10"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "p4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.2.4"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.5"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "show and share",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sentinel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security identity governance and intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "p7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.2.4"
      },
      {
        "model": "nac server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloud object store",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.3"
      },
      {
        "model": "ucs director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ntp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.3"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.4.0"
      },
      {
        "model": "p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ntp",
        "version": "4.2.4"
      },
      {
        "model": "nac appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#718152"
      },
      {
        "db": "BID",
        "id": "88276"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006648"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1547"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-602"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:p4:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.2.8",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1547"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens reported these vulnerabilities to CISA.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-602"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-1547",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-1547",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-1547",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-1547",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201604-602",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-1547",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-1547"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006648"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1547"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-602"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled. The NTP.org reference implementation of ntpd contains multiple vulnerabilities. NTP is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. \nVersions prior to NTP 4.2.8p7 and 4.3.x versions prior to 4.3.92 are vulnerable. ==========================================================================\nUbuntu Security Notice USN-3096-1\nOctober 05, 2016\n\nntp vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in NTP. A remote attacker could use this issue to perform a replay\nattack. (CVE-2015-7973)\n\nMatt Street discovered that NTP incorrectly verified peer associations of\nsymmetric keys. A remote attacker could use this issue to perform an\nimpersonation attack. (CVE-2015-7974)\n\nJonathan Gardner discovered that the NTP ntpq utility incorrectly handled\nmemory. This issue only affected Ubuntu 16.04\nLTS. (CVE-2015-7975)\n\nJonathan Gardner discovered that the NTP ntpq utility incorrectly handled\ndangerous characters in filenames. An attacker could possibly use this\nissue to overwrite arbitrary files. (CVE-2015-7976)\n\nStephen Gray discovered that NTP incorrectly handled large restrict lists. (CVE-2015-7977, CVE-2015-7978)\n\nAanchal Malhotra discovered that NTP incorrectly handled authenticated\nbroadcast mode. (CVE-2015-7979)\n\nJonathan Gardner discovered that NTP incorrectly handled origin timestamp\nchecks. A remote attacker could use this issue to spoof peer servers. \n(CVE-2015-8138)\n\nJonathan Gardner discovered that the NTP ntpq utility did not properly\nhandle certain incorrect values. (CVE-2015-8158)\n\nIt was discovered that the NTP cronjob incorrectly cleaned up the\nstatistics directory. A local attacker could possibly use this to escalate\nprivileges. (CVE-2016-0727)\n\nStephen Gray and Matthew Van Gundy discovered that NTP incorrectly\nvalidated crypto-NAKs. A remote attacker could possibly use this issue to\nprevent clients from synchronizing. A remote attacker could\npossibly use this issue to prevent clients from synchronizing. \n(CVE-2016-1548)\n\nMatthew Van Gundy, Stephen Gray and Loganaden Velvindron discovered that\nNTP incorrectly handled message authentication. (CVE-2016-1550)\n\nYihan Lian discovered that NTP incorrectly handled duplicate IPs on\nunconfig directives. (CVE-2016-4956)\n\nIn the default installation, attackers would be isolated by the NTP\nAppArmor profile. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n  ntp                             1:4.2.8p4+dfsg-3ubuntu5.3\n\nUbuntu 14.04 LTS:\n  ntp                             1:4.2.6.p5+dfsg-3ubuntu2.14.04.10\n\nUbuntu 12.04 LTS:\n  ntp                             1:4.2.6.p3+dfsg-1ubuntu3.11\n\nIn general, a standard system update will make all the necessary changes. 6.7) - i386, noarch, ppc64, s390x, x86_64\n\n3. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201607-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: NTP: Multiple vulnerabilities\n     Date: July 20, 2016\n     Bugs: #563774, #572452, #581528, #584954\n       ID: 201607-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in NTP, the worst of which\ncould lead to Denial of Service. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/ntp                \u003c 4.2.8_p8               \u003e= 4.2.8_p8\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in NTP. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll NTP users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-misc/ntp-4.2.8_p8\"\n\nReferences\n==========\n\n[  1 ] CVE-2015-7691\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7691\n[  2 ] CVE-2015-7692\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7692\n[  3 ] CVE-2015-7701\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7701\n[  4 ] CVE-2015-7702\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7702\n[  5 ] CVE-2015-7703\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7703\n[  6 ] CVE-2015-7704\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7704\n[  7 ] CVE-2015-7705\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7705\n[  8 ] CVE-2015-7848\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7848\n[  9 ] CVE-2015-7849\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7849\n[ 10 ] CVE-2015-7850\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7850\n[ 11 ] CVE-2015-7851\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7851\n[ 12 ] CVE-2015-7852\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7852\n[ 13 ] CVE-2015-7853\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7853\n[ 14 ] CVE-2015-7854\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7854\n[ 15 ] CVE-2015-7855\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7855\n[ 16 ] CVE-2015-7871\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7871\n[ 17 ] CVE-2015-7973\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7973\n[ 18 ] CVE-2015-7974\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7974\n[ 19 ] CVE-2015-7975\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7975\n[ 20 ] CVE-2015-7976\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7976\n[ 21 ] CVE-2015-7977\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7977\n[ 22 ] CVE-2015-7978\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7978\n[ 23 ] CVE-2015-7979\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7979\n[ 24 ] CVE-2015-8138\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8138\n[ 25 ] CVE-2015-8139\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8139\n[ 26 ] CVE-2015-8140\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8140\n[ 27 ] CVE-2015-8158\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8158\n[ 28 ] CVE-2016-1547\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1547\n[ 29 ] CVE-2016-1548\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1548\n[ 30 ] CVE-2016-1549\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1549\n[ 31 ] CVE-2016-1550\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1550\n[ 32 ] CVE-2016-1551\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1551\n[ 33 ] CVE-2016-2516\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2516\n[ 34 ] CVE-2016-2517\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2517\n[ 35 ] CVE-2016-2518\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2518\n[ 36 ] CVE-2016-2519\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2519\n[ 37 ] CVE-2016-4953\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4953\n[ 38 ] CVE-2016-4954\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4954\n[ 39 ] CVE-2016-4955\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4955\n[ 40 ] CVE-2016-4956\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4956\n[ 41 ] CVE-2016-4957\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4957\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201607-15\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: ntp security update\nAdvisory ID:       RHSA-2016:1141-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2016:1141\nIssue date:        2016-05-31\nCVE Names:         CVE-2015-7979 CVE-2016-1547 CVE-2016-1548 \n                   CVE-2016-1550 CVE-2016-2518 \n=====================================================================\n\n1. Summary:\n\nAn update for ntp is now available for Red Hat Enterprise Linux 6 and Red\nHat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64\n\n3. Description:\n\nThe Network Time Protocol (NTP) is used to synchronize a computer\u0027s time\nwith another referenced time source. These packages include the ntpd\nservice which continuously adjusts system time and utilities used to query\nand configure the ntpd service. \n\nSecurity Fix(es):\n\n* It was found that when NTP was configured in broadcast mode, a remote\nattacker could broadcast packets with bad authentication to all clients. \nThe clients, upon receiving the malformed packets, would break the\nassociation with the broadcast server, causing them to become out of sync\nover a longer period of time. (CVE-2015-7979)\n\n* A denial of service flaw was found in the way NTP handled preemptable\nclient associations. (CVE-2016-1547)\n\n* It was found that an ntpd client could be forced to change from basic\nclient/server mode to the interleaved symmetric mode. (CVE-2016-1548)\n\n* A flaw was found in the way NTP\u0027s libntp performed message\nauthentication. An attacker able to observe the timing of the comparison\nfunction used in packet authentication could potentially use this flaw to\nrecover the message digest. (CVE-2016-1550)\n\n* An out-of-bounds access flaw was found in the way ntpd processed certain\npackets. An authenticated attacker could use a crafted packet to create a\npeer association with hmode of 7 and larger, which could potentially\n(although highly unlikely) cause ntpd to crash. (CVE-2016-2518)\n\nThe CVE-2016-1548 issue was discovered by Miroslav Lichvar (Red Hat). \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1300271 - CVE-2015-7979 ntp: off-path denial of service on authenticated broadcast mode\n1331461 - CVE-2016-1547 ntp: crypto-NAK preemptable association denial of service\n1331462 - CVE-2016-1548 ntp: ntpd switching to interleaved mode with spoofed packets\n1331464 - CVE-2016-1550 ntp: libntp message digest disclosure\n1331468 - CVE-2016-2518 ntp: out-of-bounds references on crafted packet\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nntp-4.2.6p5-10.el6.1.src.rpm\n\ni386:\nntp-4.2.6p5-10.el6.1.i686.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm\nntpdate-4.2.6p5-10.el6.1.i686.rpm\n\nx86_64:\nntp-4.2.6p5-10.el6.1.x86_64.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntpdate-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm\nntp-perl-4.2.6p5-10.el6.1.i686.rpm\n\nnoarch:\nntp-doc-4.2.6p5-10.el6.1.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntp-perl-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nntp-4.2.6p5-10.el6.1.src.rpm\n\nx86_64:\nntp-4.2.6p5-10.el6.1.x86_64.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntpdate-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nnoarch:\nntp-doc-4.2.6p5-10.el6.1.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntp-perl-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nntp-4.2.6p5-10.el6.1.src.rpm\n\ni386:\nntp-4.2.6p5-10.el6.1.i686.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm\nntpdate-4.2.6p5-10.el6.1.i686.rpm\n\nppc64:\nntp-4.2.6p5-10.el6.1.ppc64.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.ppc64.rpm\nntpdate-4.2.6p5-10.el6.1.ppc64.rpm\n\ns390x:\nntp-4.2.6p5-10.el6.1.s390x.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.s390x.rpm\nntpdate-4.2.6p5-10.el6.1.s390x.rpm\n\nx86_64:\nntp-4.2.6p5-10.el6.1.x86_64.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntpdate-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm\nntp-perl-4.2.6p5-10.el6.1.i686.rpm\n\nnoarch:\nntp-doc-4.2.6p5-10.el6.1.noarch.rpm\n\nppc64:\nntp-debuginfo-4.2.6p5-10.el6.1.ppc64.rpm\nntp-perl-4.2.6p5-10.el6.1.ppc64.rpm\n\ns390x:\nntp-debuginfo-4.2.6p5-10.el6.1.s390x.rpm\nntp-perl-4.2.6p5-10.el6.1.s390x.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntp-perl-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nntp-4.2.6p5-10.el6.1.src.rpm\n\ni386:\nntp-4.2.6p5-10.el6.1.i686.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm\nntpdate-4.2.6p5-10.el6.1.i686.rpm\n\nx86_64:\nntp-4.2.6p5-10.el6.1.x86_64.rpm\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntpdate-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nntp-debuginfo-4.2.6p5-10.el6.1.i686.rpm\nntp-perl-4.2.6p5-10.el6.1.i686.rpm\n\nnoarch:\nntp-doc-4.2.6p5-10.el6.1.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-10.el6.1.x86_64.rpm\nntp-perl-4.2.6p5-10.el6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7_2.2.src.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7_2.2.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm\nntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nsntp-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7_2.2.src.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7_2.2.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm\nntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nsntp-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7_2.2.src.rpm\n\nppc64:\nntp-4.2.6p5-22.el7_2.2.ppc64.rpm\nntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64.rpm\nntpdate-4.2.6p5-22.el7_2.2.ppc64.rpm\n\nppc64le:\nntp-4.2.6p5-22.el7_2.2.ppc64le.rpm\nntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64le.rpm\nntpdate-4.2.6p5-22.el7_2.2.ppc64le.rpm\n\ns390x:\nntp-4.2.6p5-22.el7_2.2.s390x.rpm\nntp-debuginfo-4.2.6p5-22.el7_2.2.s390x.rpm\nntpdate-4.2.6p5-22.el7_2.2.s390x.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7_2.2.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm\nntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm\n\nppc64:\nntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64.rpm\nsntp-4.2.6p5-22.el7_2.2.ppc64.rpm\n\nppc64le:\nntp-debuginfo-4.2.6p5-22.el7_2.2.ppc64le.rpm\nsntp-4.2.6p5-22.el7_2.2.ppc64le.rpm\n\ns390x:\nntp-debuginfo-4.2.6p5-22.el7_2.2.s390x.rpm\nsntp-4.2.6p5-22.el7_2.2.s390x.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nsntp-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nntp-4.2.6p5-22.el7_2.2.src.rpm\n\nx86_64:\nntp-4.2.6p5-22.el7_2.2.x86_64.rpm\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nntpdate-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\nntp-doc-4.2.6p5-22.el7_2.2.noarch.rpm\nntp-perl-4.2.6p5-22.el7_2.2.noarch.rpm\n\nx86_64:\nntp-debuginfo-4.2.6p5-22.el7_2.2.x86_64.rpm\nsntp-4.2.6p5-22.el7_2.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-7979\nhttps://access.redhat.com/security/cve/CVE-2016-1547\nhttps://access.redhat.com/security/cve/CVE-2016-1548\nhttps://access.redhat.com/security/cve/CVE-2016-1550\nhttps://access.redhat.com/security/cve/CVE-2016-2518\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXTUp2XlSAg2UNWIIRAqUmAKC32P98McZUqU1gzWxBbCz0hn0eagCfRtrx\nSULnKXrtTJd5iJ6eQVtDnxA=\n=hETy\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz:  Upgraded. \n  This release patches several low and medium severity security issues:\n  CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering\n  CVE-2016-1549: Sybil vulnerability: ephemeral association attack,\n    AKA: ntp-sybil - MITIGATION ONLY\n  CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion\n    botch\n  CVE-2016-2517: Remote configuration trustedkey/requestkey values are not\n    properly validated\n  CVE-2016-2518: Crafted addpeer with hmode \u003e 7 causes array wraparound with\n    MATCH_ASSOC\n  CVE-2016-2519: ctl_getitem() return value not always checked\n  CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos\n  CVE-2016-1548: Interleave-pivot - MITIGATION ONLY\n  CVE-2015-7704: KoD fix: peer associations were broken by the fix for\n    NtpBug2901, AKA: Symmetric active/passive mode is broken\n  CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks\n  CVE-2016-1550: Improve NTP security against buffer comparison timing attacks,\n    authdecrypt-timing, AKA: authdecrypt-timing\n  For more information, see:\n    http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519\n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p7-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p7-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p7-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p7-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p7-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p7-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p7-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p7-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p7-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\n785dc2ef5f80edb28dc781e261c3fe3f  ntp-4.2.8p7-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n899421096b7b63e6cb269f8b01dfd875  ntp-4.2.8p7-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\ndfd34cbd31be3572a2bcae7f59cdfd91  ntp-4.2.8p7-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n63c4b31736040e7950361cd0d7081c8b  ntp-4.2.8p7-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\ne760ae0c6cc3fa933e4d65d6995b0c84  ntp-4.2.8p7-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\naa448523b27bb4fcccc2f46cf4d72bc5  ntp-4.2.8p7-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n3bc7e54a4164a4f91be996b5cf2e643e  ntp-4.2.8p7-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n0f6ea4dae476709f26f5d0e33378576c  ntp-4.2.8p7-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\ndbe827ee7ece6ce5ca083cdd5960162c  ntp-4.2.8p7-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n89f3edf183a6a9847d69b8349f98c901  ntp-4.2.8p7-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n4018b86edd15e40e8c5e9f50d907dcff  n/ntp-4.2.8p7-i586-1.txz\n\nSlackware x86_64 -current package:\n7dd6b64ba8c9fdaebb7becc1f5c3963d  n/ntp-4.2.8p7-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg ntp-4.2.8p7-i486-1_slack14.1.txz\n\nThen, restart the NTP daemon:\n\n# sh /etc/rc.d/rc.ntpd restart\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. \n\nCVE-2015-7977 / CVE-2015-7978\n\n    Stephen Gray discovered that a NULL pointer dereference and a\n    buffer overflow in the handling of \"ntpdc reslist\" commands may\n    result in denial of service. \n\nCVE-2016-2518\n\n    Yihan Lian discovered that an OOB memory access could potentially\n    crash ntpd. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-7+deb8u2. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1:4.2.8p7+dfsg-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:4.2.8p7+dfsg-1. \n\nWe recommend that you upgrade your ntp packages",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1547"
      },
      {
        "db": "CERT/CC",
        "id": "VU#718152"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006648"
      },
      {
        "db": "BID",
        "id": "88276"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1547"
      },
      {
        "db": "PACKETSTORM",
        "id": "138984"
      },
      {
        "db": "PACKETSTORM",
        "id": "138162"
      },
      {
        "db": "PACKETSTORM",
        "id": "137992"
      },
      {
        "db": "PACKETSTORM",
        "id": "137244"
      },
      {
        "db": "PACKETSTORM",
        "id": "136864"
      },
      {
        "db": "PACKETSTORM",
        "id": "138052"
      }
    ],
    "trust": 3.24
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-1547",
        "trust": 3.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#718152",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "88276",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1035705",
        "trust": 1.7
      },
      {
        "db": "TALOS",
        "id": "TALOS-2016-0081",
        "trust": 1.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-103-11",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-211752",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-497656",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU95781418",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU96269392",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU91176422",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006648",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-159-11",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021061008",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-602",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1547",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138984",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138162",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137992",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137244",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136864",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138052",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#718152"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1547"
      },
      {
        "db": "BID",
        "id": "88276"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006648"
      },
      {
        "db": "PACKETSTORM",
        "id": "138984"
      },
      {
        "db": "PACKETSTORM",
        "id": "138162"
      },
      {
        "db": "PACKETSTORM",
        "id": "137992"
      },
      {
        "db": "PACKETSTORM",
        "id": "137244"
      },
      {
        "db": "PACKETSTORM",
        "id": "136864"
      },
      {
        "db": "PACKETSTORM",
        "id": "138052"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1547"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-602"
      }
    ]
  },
  "id": "VAR-201701-1138",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.33987721
  },
  "last_update_date": "2023-12-18T11:19:28.340000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "TALOS-2016-0081",
        "trust": 0.8,
        "url": "http://support.ntp.org/bin/view/main/securitynotice#april_2016_ntp_4_2_8p7_security"
      },
      {
        "title": "ntpd Remediation measures for denial of service vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61285"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2016/04/28/time_for_a_patch_six_vulns_fixed_in_ntp_daemon/"
      },
      {
        "title": "Red Hat: CVE-2016-1547",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2016-1547"
      },
      {
        "title": "Ubuntu Security Notice: ntp vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3096-1"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=e70fe4cd19746222a97e5da53d3d2b2a"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=85311fa037162a48cd67fd63f52a6478"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=83bbd91f8369c8f064e6d68dac68400f"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "satellite-host-cve",
        "trust": 0.1,
        "url": "https://github.com/redhatsatellite/satellite-host-cve "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-1547"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006648"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-602"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.0
      },
      {
        "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": " Illegal synchronization (CWE-821) [IPA Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006648"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1547"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
      },
      {
        "trust": 2.1,
        "url": "https://access.redhat.com/errata/rhsa-2016:1141"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/201607-15"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-1552.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.talosintelligence.com/reports/talos-2016-0081/"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/88276"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1035705"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2016/dsa-3629"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
      },
      {
        "trust": 1.7,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-16:16.ntp.asc"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
      },
      {
        "trust": 1.6,
        "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
      },
      {
        "trust": 1.2,
        "url": "https://www.kb.cert.org/vuls/id/718152"
      },
      {
        "trust": 0.8,
        "url": "http://support.ntp.org/bin/view/main/securitynotice#april_2016_ntp_4_2_8p7_security"
      },
      {
        "trust": 0.8,
        "url": "http://support.ntp.org/bin/view/main/securitynotice#january_2016_ntp_4_2_8p6_securit"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91176422/"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu96269392/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95781418/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1547"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1547"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021061008"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1548"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7979"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1550"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2518"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8138"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-1547"
      },
      {
        "trust": 0.3,
        "url": "http://www.ntp.org/"
      },
      {
        "trust": 0.3,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160428-ntpd"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023885"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024073"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024157"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021521"
      },
      {
        "trust": 0.3,
        "url": "http://support.ntp.org/bin/view/main/ntpbug3007 "
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983803"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985122"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986956"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988706"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21989542"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory7.asc"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7978"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2516"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7974"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7977"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8158"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7973"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7975"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7976"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-7979"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-1548"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-1550"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-2518"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7704"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/3096-1/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4956"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0727"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4954"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.10"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-3096-1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4955"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.11"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.8p4+dfsg-3ubuntu5.3"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7871"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7702"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7705"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1549"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7702"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7849"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7852"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7978"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8140"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7855"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7852"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1551"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2516"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7975"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7848"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8139"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8158"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4954"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4956"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7973"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7853"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7701"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7704"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8140"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7691"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8139"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4957"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7703"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7855"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4955"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7849"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7854"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7703"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7705"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2517"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1548"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7691"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1547"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7854"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7853"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2519"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2518"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7851"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7692"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7871"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7977"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7848"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1550"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7850"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7850"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7701"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7692"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8138"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7979"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7974"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7851"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4953"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7976"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2516"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7704"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1551"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2519"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2517"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2519"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1547"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8138"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2518"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1549"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1551"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1550"
      },
      {
        "trust": 0.1,
        "url": "http://support.ntp.org/bin/view/main/securitynotice#recent_vulnerabilities"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2517"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1548"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1549"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#718152"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1547"
      },
      {
        "db": "BID",
        "id": "88276"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006648"
      },
      {
        "db": "PACKETSTORM",
        "id": "138984"
      },
      {
        "db": "PACKETSTORM",
        "id": "138162"
      },
      {
        "db": "PACKETSTORM",
        "id": "137992"
      },
      {
        "db": "PACKETSTORM",
        "id": "137244"
      },
      {
        "db": "PACKETSTORM",
        "id": "136864"
      },
      {
        "db": "PACKETSTORM",
        "id": "138052"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1547"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-602"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#718152"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-1547"
      },
      {
        "db": "BID",
        "id": "88276"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006648"
      },
      {
        "db": "PACKETSTORM",
        "id": "138984"
      },
      {
        "db": "PACKETSTORM",
        "id": "138162"
      },
      {
        "db": "PACKETSTORM",
        "id": "137992"
      },
      {
        "db": "PACKETSTORM",
        "id": "137244"
      },
      {
        "db": "PACKETSTORM",
        "id": "136864"
      },
      {
        "db": "PACKETSTORM",
        "id": "138052"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1547"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-602"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-04-27T00:00:00",
        "db": "CERT/CC",
        "id": "VU#718152"
      },
      {
        "date": "2017-01-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-1547"
      },
      {
        "date": "2016-04-26T00:00:00",
        "db": "BID",
        "id": "88276"
      },
      {
        "date": "2017-01-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-006648"
      },
      {
        "date": "2016-10-05T22:33:00",
        "db": "PACKETSTORM",
        "id": "138984"
      },
      {
        "date": "2016-08-03T18:16:52",
        "db": "PACKETSTORM",
        "id": "138162"
      },
      {
        "date": "2016-07-21T15:56:23",
        "db": "PACKETSTORM",
        "id": "137992"
      },
      {
        "date": "2016-05-31T13:33:49",
        "db": "PACKETSTORM",
        "id": "137244"
      },
      {
        "date": "2016-05-02T21:38:58",
        "db": "PACKETSTORM",
        "id": "136864"
      },
      {
        "date": "2016-07-26T19:19:00",
        "db": "PACKETSTORM",
        "id": "138052"
      },
      {
        "date": "2017-01-06T21:59:00.320000",
        "db": "NVD",
        "id": "CVE-2016-1547"
      },
      {
        "date": "2016-04-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201604-602"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-04-28T00:00:00",
        "db": "CERT/CC",
        "id": "VU#718152"
      },
      {
        "date": "2021-06-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-1547"
      },
      {
        "date": "2016-11-24T01:07:00",
        "db": "BID",
        "id": "88276"
      },
      {
        "date": "2021-06-10T09:01:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-006648"
      },
      {
        "date": "2021-11-17T22:15:47.330000",
        "db": "NVD",
        "id": "CVE-2016-1547"
      },
      {
        "date": "2021-11-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201604-602"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "138984"
      },
      {
        "db": "PACKETSTORM",
        "id": "138162"
      },
      {
        "db": "PACKETSTORM",
        "id": "137244"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-602"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NTP.org ntpd contains multiple vulnerabilities",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#718152"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-602"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.