CVE-2013-5211
CVSS 5.0
Published: 2014-01-02 09:59:03
Last revised: 2017-12-08 21:29:02

[Original] The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.


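[CNNVD] NTP monlist feature input validation vulnerability (CNNVD-201401-003)

        ntpd (Network Time Protocol daemon) is an operating system daemon that uses the Network Time Protocol (NTP) to keep the system time synchronized with time servers.
        The monlist feature in ntp_request.c in the ntpd daemon in NTP versions before 4.2.7p26 has an input validation vulnerability. A remote attacker can exploit it to cause a denial of service via forged REQ_MON_GETLIST or REQ_MON_GETLIST_1 requests.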

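- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: NONE [no impact on system integrity]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: NETWORK [the attacker needs neither internal network access nor local access]
Authentication: NONE [exploitation requires no authentication]

- CWE (Weakness Category)

CWE-20 [Improper Input Validation]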

- CPE (Affected Platforms and Products)

cpe:/a:ntp:ntp:4.2.7
cpe:/o:novell:opensuse:11.4  Novell openSUSE 11.4

- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:24449  Network Time Protocol (NTP) vulnerability in AIX
oval:org.mitre.oval:def:26210  SUSE-SU-2014:0937-1 -- Security update for ntp
* OVAL describes in detail how to detect this vulnerability; more technical detail on detection is available in the related OVAL definitions.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5211
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-201401-003
(Official data source) CNNVD

- Other links and resources

http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc
(UNKNOWN)  CONFIRM  http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc
http://bugs.ntp.org/show_bug.cgi?id=1532
(UNKNOWN)  CONFIRM  http://bugs.ntp.org/show_bug.cgi?id=1532
http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04
(VENDOR_ADVISORY)  MISC  http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04
http://lists.ntp.org/pipermail/pool/2011-December/005616.html
(UNKNOWN)  MLIST  [pool] 20111210 Odd surge in traffic today
http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html
(UNKNOWN)  SUSE  openSUSE-SU-2014:1149
http://marc.info/?l=bugtraq&m=138971294629419&w=2
(UNKNOWN)  HP  HPSBUX02960
http://marc.info/?l=bugtraq&m=144182594518755&w=2
(UNKNOWN)  HP  HPSBOV03505
http://openwall.com/lists/oss-security/2013/12/30/6
(UNKNOWN)  MLIST  [oss-security] 20131230 CVE to the ntp monlist DDoS issue?
http://openwall.com/lists/oss-security/2013/12/30/7
(UNKNOWN)  MLIST  [oss-security] 20131230 Re: CVE to the ntp monlist DDoS issue?
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861
(UNKNOWN)  CONFIRM  http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892
(UNKNOWN)  CONFIRM  http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892
http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz
(PATCH)  CONFIRM  http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz
http://www.kb.cert.org/vuls/id/348126
(VENDOR_ADVISORY)  CERT-VN  VU#348126
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
(UNKNOWN)  CONFIRM  http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.securityfocus.com/bid/64692
(UNKNOWN)  BID  64692
http://www.securitytracker.com/id/1030433
(UNKNOWN)  SECTRACK  1030433
http://www.us-cert.gov/ncas/alerts/TA14-013A
(VENDOR_ADVISORY)  CERT  TA14-013A
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232
(UNKNOWN)  CONFIRM  https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232
https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory
(UNKNOWN)  CONFIRM  https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory

- Vulnerability information

NTP monlist feature input validation vulnerability
Medium severity  Input validation
2014-01-03 00:00:00 2014-01-03 00:00:00
Remote

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. The patch is available at:
        http://bugs.ntp.org/show_bug.cgi?id=1532

- Vulnerability information (F124767)

HP Security Bulletin HPSBUX02960 SSRT101419 (PacketStormID:F124767)
2014-01-13 00:00:00
HP  hp.com
advisory,denial of service
hpux
CVE-2013-5211

HP Security Bulletin HPSBUX02960 SSRT101419 - A potential security vulnerability has been identified with HP-UX running NTP. The vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.


Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04084148

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04084148
Version: 1

HPSBUX02960 SSRT101419 rev.1 - HP-UX Running NTP, Remote Denial of Service
(DoS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-01-13
Last Updated: 2014-01-13

Potential Security Impact: Remote Denial of Service (DoS), execution of
arbitrary code

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX running
NTP. The vulnerability could be exploited remotely to create a Denial of
Service (DoS).

References: CVE-2013-5211 (SSRT101419)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.31 running NTP version 4.2.6.

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
  Reference              Base Vector             Base Score
CVE-2013-5211    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0
===========================================================
             Information on CVSS is documented
            in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided the following workaround to temporarily resolve this
vulnerability. This bulletin will be revised when a General Release patch is
available.

MANUAL ACTIONS: Yes

To prevent the "monlist" DoS vulnerability, configure the following:

Verify the NTPv4 version.

For example:
/usr/sbin/ntpd --version
ntpd 4.2.6p5
ntpd 4.2.6 Revision 0.0 Tue Nov 5 14:21:22 UTC 2012

Modify the ntp.conf on your time server and add the following.

# Block all control queries from external systems, allows time services

restrict default noquery

# Allow local queries

restrict 127.0.0.1

Cycle the ntpd daemon.

/sbin/init.d/ntpd stop
/sbin/init.d/ntpd start

Verification of the workaround.

Test on the local time server using the "ntpq -p" command.
Verify proper operation with output similar to:
remote refid st t when poll reach delay offset disp
======================================
*LOCAL(1) .LOCL. 6 l 13 16 377 0.000 0.000 0.233

On a remote time client, execute ntpdc or xntpdc as follows
# ntpdc -c monlist server.name.with.restrict
A timeout error should occur.
# xntpdc -c monlist xyz.hp.com
xyz.hp.com: timed out, nothing received
***Request timed out
#

HISTORY
Version:1 (rev.1) - 13 January 2014 Initial release

Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel.  For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.


- Vulnerability information (F124791)

FreeBSD Security Advisory - ntpd Denial Of Service (PacketStormID:F124791)
2014-01-15 00:00:00
 
advisory
freebsd
CVE-2013-5211

FreeBSD Security Advisory - The ntpd(8) daemon supports a query 'monlist' which provides a history of recent NTP clients without any authentication. An attacker can send 'monlist' queries and use that as an amplification of a reflection attack.


=============================================================================
FreeBSD-SA-14:02.ntpd                                       Security Advisory
                                                          The FreeBSD Project

Topic:          ntpd distributed reflection Denial of Service vulnerability

Category:       contrib
Module:         ntpd
Announced:      2014-01-14
Affects:        All supported versions of FreeBSD.
Corrected:      2014-01-14 19:04:33 UTC (stable/10, 10.0-PRERELEASE)
                2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RELEASE)
                2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC5-p1)
                2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC4-p1)
                2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC3-p1)
                2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC2-p1)
                2014-01-14 19:12:40 UTC (releng/10.0, 10.0-RC1-p1)
                2014-01-14 19:20:41 UTC (stable/9, 9.2-STABLE)
                2014-01-14 19:42:28 UTC (releng/9.2, 9.2-RELEASE-p3)
                2014-01-14 19:42:28 UTC (releng/9.1, 9.1-RELEASE-p10)
                2014-01-14 19:20:41 UTC (stable/8, 8.4-STABLE)
                2014-01-14 19:42:28 UTC (releng/8.4, 8.4-RELEASE-p7)
                2014-01-14 19:42:28 UTC (releng/8.3, 8.3-RELEASE-p14)
CVE Name:       CVE-2013-5211

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

I.   Background

The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP)
used to synchronize the time of a computer system to a reference time
source.

II.  Problem Description

The ntpd(8) daemon supports a query 'monlist' which provides a history of
recent NTP clients without any authentication.

III. Impact

An attacker can send 'monlist' queries and use that as an amplification of
a reflection attack.

IV.  Workaround

The administrator can implement one of the following possible workarounds
to mitigate the attack:

1) Restrict access to ntpd(8).  This can be done by adding the following
lines to /etc/ntp.conf:

restrict -4 default nomodify nopeer noquery notrap
restrict -6 default nomodify nopeer noquery notrap
restrict 127.0.0.1
restrict -6 ::1
restrict 127.127.1.0

And restart the ntpd(8) daemon.  Time service is not affected and the
administrator can still perform queries from local host.

2) Use IP based restrictions in ntpd(8) itself or in IP firewalls to
restrict which systems can access ntpd(8).

3) Replace the base system ntpd(8) with net/ntp-devel (version 4.2.7p76 or
newer)

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-14:02/ntpd.patch
# fetch http://security.FreeBSD.org/patches/SA-14:02/ntpd.patch.asc
# gpg --verify ntpd.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

Recompile the operating system using buildworld and installworld as
described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.

Restart the ntpd(8) daemon, or reboot the system.

3) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

Note that the patch would disable monitoring features of ntpd(8) daemon
by default.  If the feature is desirable, the administrator can choose
to enable it and firewall access to ntpd(8) service.

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/8/                                                         r260641
releng/8.3/                                                       r260647
releng/8.4/                                                       r260647
stable/9/                                                         r260641
releng/9.1/                                                       r260647
releng/9.2/                                                       r260647
stable/10/                                                        r260639
releng/10.0/                                                      r260641
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>

VII. References

<URL:http://www.symantec.com/connect/blogs/hackers-spend-christmas-break-launching-large-scale-ntp-reflection-attacks>

<URL:https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-attacks>

<URL:http://bugs.ntp.org/show_bug.cgi?id=1532>

<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211>

The latest revision of this advisory is available at
<URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:02.ntpd.asc>

- Vulnerability information (F124819)

Gentoo Linux Security Advisory 201401-08 (PacketStormID:F124819)
2014-01-17 00:00:00
Gentoo  security.gentoo.org
advisory,denial of service
linux,gentoo
CVE-2013-5211

Gentoo Linux Security Advisory 201401-8 - NTP can be abused to amplify Denial of Service attack traffic. Versions less than 4.2.6_p5-r10 are affected.


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201401-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: NTP: Traffic amplification
     Date: January 16, 2014
     Bugs: #496776
       ID: 201401-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

NTP can be abused to amplify Denial of Service attack traffic.

Background
==========

NTP is a protocol designed to synchronize the clocks of computers over
a network. The net-misc/ntp package contains the official reference
implementation by the NTP Project.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-misc/ntp              < 4.2.6_p5-r10         >= 4.2.6_p5-r10

Description
===========

ntpd is susceptible to a reflected Denial of Service attack. Please
review the CVE identifiers and references below for details.

Impact
======

An unauthenticated remote attacker may conduct a distributed reflective
Denial of Service attack on another user via a vulnerable NTP server.

Workaround
==========

We modified the default ntp configuration in =net-misc/ntp-4.2.6_p5-r10
and added "noquery" to the default restriction which disallows anyone
to query the ntpd status, including "monlist".

If you use a non-default configuration, and provide a ntp service to
untrusted networks, we highly recommend you to revise your
configuration to disable mode 6 and 7 queries for any untrusted
(public) network.

You can always enable these queries for specific trusted networks. For
more details please see the "Access Control Support" chapter in the
ntp.conf(5) man page.

Resolution
==========

All NTP users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.6_p5-r10"

Note that the updated package contains a modified default configuration
only. You may need to modify your configuration further.

References
==========

[ 1 ] CVE-2013-5211
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5211
[ 2 ] VU#348126
      http://www.kb.cert.org/vuls/id/348126

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201401-08.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

- Vulnerability information (F125222)

Slackware Security Advisory - ntp Updates (PacketStormID:F125222)
2014-02-15 00:00:00
Slackware Security Team  slackware.com
advisory
linux,slackware
CVE-2013-5211

Slackware Security Advisory - New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. Related CVE Numbers: CVE-2013-5211.


[slackware-security]  ntp (SSA:2014-044-02)

New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/ntp-4.2.6p5-i486-5_slack14.1.txz:  Rebuilt.
  All stable versions of NTP remain vulnerable to a remote attack where the
  "ntpdc -c monlist" command can be used to amplify network traffic as part
  of a denial of service attack.  By default, Slackware is not vulnerable
  since it includes "noquery" as a default restriction.  However, it is
  vulnerable if this restriction is removed.  To help mitigate this flaw,
  "disable monitor" has been added to the default ntp.conf (which will disable
  the monlist command even if other queries are allowed), and the default
  restrictions have been extended to IPv6 as well.
  All users of the NTP daemon should make sure that their ntp.conf contains
  "disable monitor" to prevent misuse of the NTP service.  The new ntp.conf
  file will be installed as /etc/ntp.conf.new with a package upgrade, but the
  changes will need to be merged into any existing ntp.conf file by the admin.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211
    http://www.kb.cert.org/vuls/id/348126
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.6p5-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.6p5-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.6p5-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.6p5-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.6p5-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.6p5-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.6p5-i486-3_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.6p5-x86_64-3_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.6p5-i486-5_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.6p5-x86_64-5_slack14.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.6p5-i486-5.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.6p5-x86_64-5.txz


MD5 signatures:
+-------------+


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg ntp-4.2.6p5-i486-5_slack14.1.txz

Ensure that your /etc/ntp.conf contains a line like this:
disable monitor

Then, restart the NTP daemon:

# sh /etc/rc.d/rc.ntpd restart


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
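
The ntp.conf workarounds quoted in the HP, FreeBSD, Gentoo and Slackware advisories above ("noquery" on the default restriction, "disable monitor") can be checked mechanically. The auditor below is an added example, not code from any of those advisories or from the NTP project; the function name, status strings and sample configurations are assumptions made for illustration, and it reads only the restrict and enable/disable directives.

```python
"""Audit an ntp.conf for exposure of the monlist query (CVE-2013-5211)."""

QUERY_BLOCKING = {"noquery", "ignore"}  # restrict flags that refuse ntpq/ntpdc queries

# Workaround lines as quoted in the FreeBSD and HP advisories on this page.
FREEBSD_WORKAROUND = """\
restrict -4 default nomodify nopeer noquery notrap
restrict -6 default nomodify nopeer noquery notrap
restrict 127.0.0.1
restrict -6 ::1
restrict 127.127.1.0
"""
HP_WORKAROUND = "restrict default noquery\nrestrict 127.0.0.1\n"
# Constructed samples (not from the page).
OPEN_CONFIG = "server 0.pool.ntp.org   # no default restriction at all\nrestrict 127.0.0.1\n"
MONITOR_OFF = "restrict default nomodify notrap\ndisable monitor\n"


def _tokens(line):
    """Drop a trailing '#' comment and split the directive into words."""
    return line.split("#", 1)[0].split()


def audit_ntp_conf(text):
    """Return per-family status of the default restriction and the monitor switch.

    Assumptions of this example:
      * monitoring counts as enabled unless 'disable monitor' is present, and the
        last enable/disable directive that names 'monitor' wins;
      * when several default lines exist for a family, every one of them must
        carry noquery or ignore (strictest reading);
      * a bare 'restrict default' (no -4/-6) is reported as "version-dependent"
        for IPv6, because not every ntpd release applies it to both families.
    """
    monitor_enabled = True
    explicit = {"ipv4": [], "ipv6": []}  # one bool per family-specific default line
    bare = []                            # one bool per 'restrict default' without -4/-6

    for raw in text.splitlines():
        tok = _tokens(raw)
        if not tok:
            continue
        keyword, args = tok[0].lower(), [t.lower() for t in tok[1:]]
        if keyword in ("enable", "disable") and "monitor" in args:
            monitor_enabled = keyword == "enable"
        elif keyword == "restrict" and args:
            family = {"-4": "ipv4", "-6": "ipv6"}.get(args[0])
            if family:
                args = args[1:]
            if not args:
                continue
            addr, flags, mask = args[0], args[1:], None
            if len(flags) >= 2 and flags[0] == "mask":
                mask, flags = flags[1], flags[2:]
            blocks = bool(QUERY_BLOCKING.intersection(flags))
            if addr == "default":
                (explicit[family] if family else bare).append(blocks)
            elif (addr, mask) == ("0.0.0.0", "0.0.0.0"):  # numeric form of the IPv4 default
                explicit["ipv4"].append(blocks)
            elif (addr, mask) == ("::", "::"):            # numeric form of the IPv6 default
                explicit["ipv6"].append(blocks)

    def status(family):
        lines = explicit[family] + bare
        if not lines or not all(lines):
            return "open"                # no default entry, or one that allows queries
        if family == "ipv6" and not explicit["ipv6"]:
            return "version-dependent"   # only a bare default covers IPv6
        return "blocked"

    result = {
        "monitor": "enabled" if monitor_enabled else "disabled",
        "ipv4": status("ipv4"),
        "ipv6": status("ipv6"),
    }
    # Families on which an arbitrary remote host can still obtain a monlist reply.
    result["exposed_families"] = [
        fam for fam in ("ipv4", "ipv6") if monitor_enabled and result[fam] == "open"
    ]
    findings = []
    for fam in ("ipv4", "ipv6"):
        if result[fam] == "open":
            findings.append(fam + ": default restriction does not carry noquery or ignore")
        elif result[fam] == "version-dependent":
            findings.append(fam + ": add an explicit 'restrict -6 default ... noquery' line")
    if monitor_enabled:
        findings.append("monitor: 'disable monitor' is not set")
    result["findings"] = findings
    return result


if __name__ == "__main__":
    samples = [("FreeBSD workaround", FREEBSD_WORKAROUND), ("HP workaround", HP_WORKAROUND),
               ("open (constructed)", OPEN_CONFIG), ("monitor off (constructed)", MONITOR_OFF)]
    for name, conf in samples:
        print(name, audit_ntp_conf(conf))
```
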

- Vulnerability information (F125672)

VMware Security Advisory 2014-0002 (PacketStormID:F125672)
2014-03-12 00:00:00
VMware  vmware.com
advisory
CVE-2013-4332,CVE-2013-5211

VMware Security Advisory 2014-0002 - VMware has updated vSphere third party libraries.


-----------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2014-0002
Synopsis:    VMware vSphere updates to third party libraries 
Issue date:  2014-03-11
Updated on:  2014-03-11 (initial advisory)
CVE numbers: --NTP ---
             CVE-2013-5211
             --glibc (service console) ---
             CVE-2013-4332
             --JRE--
             See references
-----------------------------------------------------------------------

1. Summary

   VMware has updated vSphere third party libraries.

2. Relevant releases

   vCenter Server Appliance 5.5 prior to 5.5 Update 1 

   VMware vCenter Server 5.5 prior to 5.5 Update 1

   VMware Update Manager 5.5 prior to 5.5 Update 1

   VMware ESXi 5.5 without patch ESXi550-201403101-SG
    
3. Problem Description

   a. DDoS vulnerability in NTP third party libraries

      The NTP daemon has a DDoS vulnerability in the handling of the
      "monlist" command. An attacker may send a forged request to a
      vulnerable NTP server resulting in an amplified response to the
      intended target of the DDoS attack. 
      
      Mitigation

      Mitigation for this issue is documented in VMware Knowledge Base
      article 2070193. This article also documents when vSphere 
      products are affected.

      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the name CVE-2013-5211 to this issue.

      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is
      available.

      VMware          Product   Running  Replace with/
      Product         Version   on       Apply Patch
      ==============  ========  =======  =================
      VCSA            5.5       Linux    5.5 Update 1
      VCSA            5.1       Linux    patch pending
      VCSA            5.0       Linux    patch pending

      ESXi            5.5       ESXi     ESXi550-201403101-SG
      ESXi            5.1       ESXi     patch pending
      ESXi            5.0       ESXi     patch pending
      ESXi            4.1       ESXi     patch pending
      ESXi            4.0       ESXi     patch pending

      ESX             4.1       ESX      patch pending
      ESX             4.0       ESX      patch pending


  b. Update to ESXi glibc package

     The ESXi glibc package is updated to version
     glibc-2.5-118.el5_10.2 to resolve a security issue.

     The Common Vulnerabilities and Exposures project (cve.mitre.org)
     has assigned the name CVE-2013-4332 to this issue.

     Column 4 of the following table lists the action required to
     remediate the vulnerability in each release, if a solution is
     available.

     VMware          Product   Running  Replace with/
     Product         Version   on       Apply Patch
     ==============  ========  =======  =================
     ESXi            5.5       ESXi     ESXi550-201403101-SG
     ESXi            5.1       ESXi     patch pending
     ESXi            5.0       ESXi     patch pending 
     ESXi            4.1       ESXi     no patch planned
     ESXi            4.0       ESXi     no patch planned

     ESX             4.1       ESX      not applicable
     ESX             4.0       ESX      not applicable

  c. vCenter and Update Manager, Oracle JRE 1.7 Update 45
      
     Oracle JRE is updated to version JRE 1.7 Update 45, which
     addresses multiple security issues that existed in earlier
     releases of Oracle JRE. 

     Oracle has documented the CVE identifiers that are addressed
     in JRE 1.7.0 update 45 in the Oracle Java SE Critical Patch 
     Update Advisory of October 2013. The References section provides
     a link to this advisory.

     Column 4 of the following table lists the action required to
     remediate the vulnerability in each release, if a solution is
     available.

     VMware          Product   Running  Replace with/
     Product         Version   on       Apply Patch
     ==============  ========  =======  =================
     vCenter Server  5.5       Any      5.5 Update 1
     vCenter Server  5.1       Any      not applicable **
     vCenter Server  5.0       Any      not applicable **
     vCenter Server  4.1       Windows  not applicable **
     vCenter Server  4.0       Windows  not applicable *

     Update Manager  5.5       Windows  5.5 Update 1
     Update Manager  5.1       Windows  not applicable **
     Update Manager  5.0       Windows  not applicable **
     Update Manager  4.1       Windows  not applicable *
     Update Manager  4.0       Windows  not applicable *

     ESXi            any       ESXi     not applicable

     ESX             4.1       ESX      not applicable **
     ESX             4.0       ESX      not applicable *
   
     * this product uses the Oracle JRE 1.5.0 family
     ** this product uses the Oracle JRE 1.6.0 family
 
4. Solution

   Please review the patch/release notes for your product and version
   and verify the checksum of your downloaded file. 
      
   vCenter Server 5.5 
   --------------------------
   Download link: 
  
   https://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/5_5

   Release Notes: 
  
   https://www.vmware.com/support/vsphere5/doc/vsphere-vcenter-server-55u1-release-notes.html

   ESXi 5.5 
   -----------------
   File: update-from-esxi5.5-5.5_update01.zip
   md5sum:5773844efc7d8e43135de46801d6ea25
   sha1sum:6518355d260e81b562c66c5016781db9f077161f
   http://kb.vmware.com/kb/2065826
   update-from-esxi5.5-5.5_update01 contains ESXi550-201403101-SG

5. References

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4332

   --------- jre --------- 
   Oracle Java SE Critical Patch Update Advisory of October 2013
  
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

   VMware Knowledge Base article 2070193
   http://kb.vmware.com/kb/2070193 

- -----------------------------------------------------------------------

6. Change log

   2014-03-11 VMSA-2014-0002
   Initial security advisory in conjunction with the release of
   vSphere 5.5 Update 1 on 2014-03-11

- -----------------------------------------------------------------------

7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

   * security-announce at lists.vmware.com
   * bugtraq at securityfocus.com
   * full-disclosure at lists.grok.org.uk

   E-mail: security at vmware.com
   PGP key at: http://kb.vmware.com/kb/1055

   VMware Security Advisories
   http://www.vmware.com/security/advisories

   VMware security response policy
   http://www.vmware.com/support/policies/security_response.html

   General support life cycle policy
   http://www.vmware.com/support/policies/eos.html

   Twitter
   https://twitter.com/VMwareSRC

Copyright 2014 VMware Inc.  All rights reserved.


-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.0 (Build 8741)
Charset: utf-8

wj8DBQFTH88dDEcm8Vbi9kMRAk4tAKDRKjU8Cy0yRda8qaYUgMHjE2TjWACfVUKN
tROYSCy5mukUini1T520gy4=
=GT44
-----END PGP SIGNATURE-----
    

- Vulnerability Information (F126371)

NTP DDoS Amplification (PacketStormID:F126371)
2014-04-28 00:00:00
Danilo PC  
exploit,denial of service
CVE-2013-5211

NTP ntpd monlist query reflection denial of service exploit.

- Vulnerability Information (F126472)

NTP DDoS Amplification (PacketStormID:F126472)
2014-05-05 00:00:00
Danilo PC  
exploit,denial of service
CVE-2013-5211

NTP distributed denial of service amplification tool that uses "get monlist".

- Vulnerability Information (F126791)

HP Security Bulletin HPSBUX02960 SSRT101419 3 (PacketStormID:F126791)
2014-05-24 00:00:00
HP  hp.com
advisory,denial of service
hpux
CVE-2013-5211

HP Security Bulletin HPSBUX02960 SSRT101419 3 - A potential security vulnerability has been identified with HP-UX running NTP. The vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 3 of this advisory.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04084148

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04084148
Version: 3

HPSBUX02960 SSRT101419 rev.3 - HP-UX Running NTP, Remote Denial of Service
(DoS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-01-13
Last Updated: 2014-05-23

Potential Security Impact: Remote Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX running
NTP. The vulnerability could be exploited remotely to create a Denial of
Service (DoS).

References: CVE-2013-5211 (SSRT101419)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.31 running NTP v4.2.6 or XNTP v3.5
HP-UX B.11.23 running XNTP v3.5

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
  Reference              Base Vector             Base Score
CVE-2013-5211    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0
===========================================================
             Information on CVSS is documented
            in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided the following workaround to temporarily resolve this
vulnerability. This bulletin will be revised when a General Release patch for
HP-UX B.11.31 is available.
NOTE: No patches for XNTP v3.5 on HP-UX B.11.23 and HP-UX B.11.31 will be
made. Customers must disable "monlist" as follows.

MANUAL ACTIONS: Yes

To prevent the "monlist" DoS vulnerability, configure the following:

Verify that XNTP is installed, is running on your system, and verify the
NTPv4 version.

For example:

a. Verify XNTP is installed on the system:

ls -la /usr/sbin/xntpd

For NTP v4:

lr-xr--r-- 1 bin bin 14 Aug 9 2013 /usr/sbin/xntpd -> /usr/sbin/ntpd

For XNTP v3.5:

lr-xr--r-- 1 bin bin 741052 May 9 2013 /usr/sbin/xntpd -> /usr/sbin/ntpd

b. Check if the NTP process is running

ps -ef | grep ntp

For NTP v4:

root 124 1 0 06:46:18 ? 0:00 /usr/sbin/ntpd

For XNTP v3.5:

root 22248 1 0 06:25:28 ? 0:00 /usr/sbin/xntpd

c. Verify the NTP v4 version

/usr/sbin/ntpd --version

For NTP v4:

ntpd 4.2.6p5

For XNTP v3.5:

ntpd 4.2.6 Revision 0.0 Tue Nov 5 14:21:22 UTC 2012

Modify the ntp.conf on your time server and add either one of the two
following entries.

Entry Option #1

# Block all control queries from external systems, allows time services

restrict default noquery

# Allow local queries

restrict 127.0.0.1

Entry Option #2

# disable "monitor" queries. This will disable only

# monlist queries, even local.

disable monitor

Cycle the ntpd daemon (for NTP v4 and XNTP v3.5).

/sbin/init.d/ntpd stop
/sbin/init.d/ntpd start

Verification of the workaround.

Test on the local time server using the "ntpq -p" command.

Verify proper operation with output similar to:
     remote           refid      st t when poll reach   delay   offset    disp
==============================================================================
*LOCAL(1)        .LOCL.           6 l   13   16  377    0.000    0.000    0.233

On a remote time client, execute ntpdc or xntpdc as follows:
# ntpdc -c monlist server.name.with.restrict.or.disable
or
# xntpdc -c monlist server.name.with.restrict.or.disable
A timeout error should occur.
# xntpdc -c monlist xyz.hp.com
xyz.hp.com: timed out, nothing received
***Request timed out
#

HISTORY
Version:1 (rev.1) - 13 January 2014 Initial release
Version:2 (rev.2) - 15 January 2014 Added configuration options in workaround
Version:3 (rev.3) - 23 May 2014 Expanded Supported Software Versions scope;
added HP-UX B.11.23 and HP-UX B.11.31 XNTP workaround

Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel.  For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iEYEARECAAYFAlN/06oACgkQ4B86/C0qfVkwzACfT1iOY8mRDPc0c+RTE4M7Ma+r
G74AoIup4aq/jwy9Zp6HDIbOc+bxeoDl
=p6Pu
-----END PGP SIGNATURE-----
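
The two ntp.conf workarounds in HP bulletin HPSBUX02960 above ("restrict default noquery" and "disable monitor") can be checked mechanically. The following shell function is an added example, not part of HP's bulletin: it reads an ntp.conf on standard input and reports which workaround is active. Its handling of the -4/-6 qualifiers and of a later "enable monitor" line is an assumption based on standard ntp.conf syntax, and the sample configuration at the end is constructed.

```shell
#!/bin/sh
# Added example (not from the HP bulletin): report which of the bulletin's
# two monlist workarounds is active in an ntp.conf supplied on stdin.
# Prints: noquery | disable-monitor | both | none
# Returns 0 if at least one workaround is active, 1 otherwise.
monlist_mitigation() {
    result=$(awk '
        { sub(/#.*/, "") }                  # drop comments, incl. commented-out entries
        NF == 0 { next }
        # Entry Option #1: "restrict default ... noquery", flags in any order.
        $1 == "restrict" {
            i = 2
            if ($i == "-4" || $i == "-6") i++   # assumption: address-family qualifier
            if ($i == "default") {
                for (j = i + 1; j <= NF; j++) {
                    if ($j == "noquery") nq = 1
                }
            }
        }
        # Entry Option #2: "disable monitor"; a later "enable monitor" undoes it
        # (assumption: ntpd applies enable/disable lines in file order).
        $1 == "disable" { for (j = 2; j <= NF; j++) if ($j == "monitor") dm = 1 }
        $1 == "enable"  { for (j = 2; j <= NF; j++) if ($j == "monitor") dm = 0 }
        END {
            if (nq && dm)  print "both"
            else if (nq)   print "noquery"
            else if (dm)   print "disable-monitor"
            else           print "none"
        }')
    echo "$result"
    [ "$result" != "none" ]
}

# Constructed sample: Option #1 is commented out, so only Option #2 counts.
monlist_mitigation <<'EOF' || echo "monlist workaround missing"
# restrict default noquery
restrict 127.0.0.1
disable monitor
EOF
```

On a time server, run it as `monlist_mitigation < /etc/ntp.conf`; a result of "none" means neither workaround from the bulletin is in place. The remote ntpdc/xntpdc timeout test in the bulletin remains the authoritative check.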
    

- Vulnerability Information (F127492)

NTP Amplification Denial Of Service Tool (PacketStormID:F127492)
2014-07-16 00:00:00
DaRkReD  
exploit,proof of concept,python
CVE-2013-5211

Proof of concept code to exploit an NTP amplification attack. Written in Python.


- Vulnerability Information (F133517)

HP Security Bulletin HPSBOV03505 1 (PacketStormID:F133517)
2015-09-10 00:00:00
HP  hp.com
advisory,denial of service,tcp,vulnerability
CVE-2013-5211,CVE-2014-9293,CVE-2014-9294,CVE-2014-9295,CVE-2014-9296

HP Security Bulletin HPSBOV03505 1 - Potential security vulnerabilities have been identified with the TCP/IP Services for OpenVMS running NTP. These vulnerabilities could be exploited remotely to allow unauthenticated attackers to execute code with the privileges of ntpd or cause a Denial of Service (DoS). Revision 1 of this advisory.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04790232
Version: 1

HPSBOV03505 rev.1 - TCP/IP Services for OpenVMS running NTP, Remote Code
Execution, Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-09-09
Last Updated: 2015-09-09

Potential Security Impact: Remote denial of service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with the TCP/IP
Services for OpenVMS running NTP. These vulnerabilities could be exploited
remotely to allow unauthenticated attackers to execute code with the
privileges of ntpd or cause a Denial of Service (DoS).

References:

CVE-2014-9293
CVE-2014-9294
CVE-2014-9295
CVE-2014-9296
CVE-2013-5211
SSRT102239

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
TCP/IP Services for OpenVMS V5.7 ECO5 running NTP

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
  Reference              Base Vector             Base Score
CVE-2014-9293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5
CVE-2014-9294    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5
CVE-2014-9295    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5
CVE-2014-9296    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0
CVE-2013-5211    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0
===========================================================
             Information on CVSS is documented
            in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following patch kits available to resolve the vulnerabilities
with TCP/IP Services for OpenVMS running NTP.

  Platform
   Patch Kit Name

  Alpha IA64 V8.4
   75-117-380_2015-08-24.BCK

  NOTE: Please contact OpenVMS Technical Support to request these patch kits.

HISTORY
Version:1 (rev.1) - 9 September 2015 Initial release

Copyright 2015 Hewlett-Packard Development Company, L.P.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iEYEARECAAYFAlXwZCIACgkQ4B86/C0qfVnzEgCgiXqWgXuMQbuvTN5c3rPCpb7B
ZqgAn1xVunA+Qf19BTWxwpIIAdZ7pD19
=whX0
-----END PGP SIGNATURE-----
    

- Vulnerability Information

101576
NTP ntpd monlist Query Reflection Remote DDoS
Remote / Network Access Infrastructure
Loss of Availability Upgrade
Exploit Public Vendor Verified

- Vulnerability Description

NTP contains a flaw in the monlist functionality in ntpd. The issue is triggered when sending a specially crafted packet load to the query function in monlist. This can result in a saturation of network traffic to a specific IP address. This may allow a remote attacker to conduct a distributed denial-of-service (DDoS) to hamper a certain user or server's internet access.

- Timeline

2013-11-22 Unknown
2013-11-22 Unknown

- Solution

It has been reported that this issue has been fixed. Upgrade to version 4.2.7, or higher, to address this vulnerability.

- References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

NTP 'ntp_request.c' Remote Denial of Service Vulnerability
Failure to Handle Exceptional Conditions 64692
Yes No
2013-12-30 12:00:00 2013-12-30 12:00:00
Dave Hart

- Affected Software Versions

- Vulnerability Discussion

NTP is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to cause the affected application to crash, denying service to legitimate users.

NTP 4.2.7 is vulnerable; other versions may also be affected.

- Exploit

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Updates are available. Please see the references or vendor advisory for more information.

- References

     

     
