English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.1.2.2019.1555
Categoría:Huawei EulerOS Local Security Checks
Título:Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2019-1555)
Resumen:The remote host is missing an update for the Huawei EulerOS 'ntp' package(s) announced via the EulerOS-SA-2019-1555 advisory.
Descripción:Summary:
The remote host is missing an update for the Huawei EulerOS 'ntp' package(s) announced via the EulerOS-SA-2019-1555 advisory.

Vulnerability Insight:
It was found that when ntp is configured with rate limiting for all associations the limits are also applied to responses received from its configured sources. A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources.(CVE-2016-7426)

ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.(CVE-2015-8139)

A NULL pointer dereference flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could potentially use this flaw to crash ntpd.(CVE-2015-7977)

A vulnerability was found in NTP, in the parsing of packets from the /dev/datum device. A malicious device could send crafted messages, causing ntpd to crash.(CVE-2017-6462)

The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.(CVE-2016-4954)

It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands.(CVE-2015-5194)

It was discovered that the sntp utility could become unresponsive due to being caught in an infinite loop when processing a crafted NTP packet.(CVE-2015-5219)

It was discovered that ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntpd client that would effectively disable synchronization with the server, or push arbitrary offset/delay measurements to modify the time on the client.(CVE-2015-8138)

It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker could use a specially crafted NTP packet to crash ntpd.(CVE-2015-7702)

Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit.(CVE-2014-9295)

It was found that an ntpd client could be forced to change from basic client/server mode to the interleaved symmetric mode. A remote attacker could use a spoofed packet that, ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'ntp' package(s) on Huawei EulerOS Virtualization 3.0.1.0.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-9293
BugTraq ID: 71757
http://www.securityfocus.com/bid/71757
CERT/CC vulnerability note: VU#852879
http://www.kb.cert.org/vuls/id/852879
Cisco Security Advisory: 20141222 Multiple Vulnerabilities in ntpd Affecting Cisco Products
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd
HPdes Security Advisory: HPSBGN03277
http://marc.info/?l=bugtraq&m=142590659431171&w=2
HPdes Security Advisory: HPSBOV03505
http://marc.info/?l=bugtraq&m=144182594518755&w=2
HPdes Security Advisory: HPSBPV03266
http://marc.info/?l=bugtraq&m=142469153211996&w=2
HPdes Security Advisory: HPSBUX03240
http://marc.info/?l=bugtraq&m=142853370924302&w=2
HPdes Security Advisory: SSRT101872
http://www.mandriva.com/security/advisories?name=MDVSA-2015:003
RedHat Security Advisories: RHSA-2014:2025
http://rhn.redhat.com/errata/RHSA-2014-2025.html
RedHat Security Advisories: RHSA-2015:0104
http://rhn.redhat.com/errata/RHSA-2015-0104.html
http://secunia.com/advisories/62209
Common Vulnerability Exposure (CVE) ID: CVE-2014-9295
BugTraq ID: 71761
http://www.securityfocus.com/bid/71761
SuSE Security Announcement: openSUSE-SU-2014:1670 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-1799
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
BugTraq ID: 73950
http://www.securityfocus.com/bid/73950
CERT/CC vulnerability note: VU#374268
http://www.kb.cert.org/vuls/id/374268
Cisco Security Advisory: 20150408 Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd
Cisco Security Advisory: 20150408 Network Time Protocol Daemon Symmetric Mode Packet Processing Denial of Service Vulnerability
http://tools.cisco.com/security/center/viewAlert.x?alertId=38275
Debian Security Information: DSA-3222 (Google Search)
http://www.debian.org/security/2015/dsa-3222
Debian Security Information: DSA-3223 (Google Search)
http://www.debian.org/security/2015/dsa-3223
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155864.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155863.html
https://security.gentoo.org/glsa/201509-01
HPdes Security Advisory: HPSBHF03557
http://marc.info/?l=bugtraq&m=145750740530849&w=2
HPdes Security Advisory: HPSBUX03333
http://marc.info/?l=bugtraq&m=143213867103400&w=2
HPdes Security Advisory: SSRT102029
http://www.mandriva.com/security/advisories?name=MDVSA-2015:202
http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2015/04/msg00002.html
RedHat Security Advisories: RHSA-2015:1459
http://rhn.redhat.com/errata/RHSA-2015-1459.html
http://www.securitytracker.com/id/1032031
SuSE Security Announcement: openSUSE-SU-2015:0775 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-04/msg00052.html
http://www.ubuntu.com/usn/USN-2567-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-5194
BugTraq ID: 76475
http://www.securityfocus.com/bid/76475
Debian Security Information: DSA-3388 (Google Search)
http://www.debian.org/security/2015/dsa-3388
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html
http://www.openwall.com/lists/oss-security/2015/08/25/3
RedHat Security Advisories: RHSA-2016:0780
http://rhn.redhat.com/errata/RHSA-2016-0780.html
RedHat Security Advisories: RHSA-2016:2583
http://rhn.redhat.com/errata/RHSA-2016-2583.html
SuSE Security Announcement: SUSE-SU:2016:1311 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
SuSE Security Announcement: SUSE-SU:2016:1912 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
SuSE Security Announcement: SUSE-SU:2016:2094 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
http://www.ubuntu.com/usn/USN-2783-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-5219
BugTraq ID: 76473
http://www.securityfocus.com/bid/76473
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html
SuSE Security Announcement: openSUSE-SU:2016:3280 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-7692
BugTraq ID: 77285
http://www.securityfocus.com/bid/77285
https://security.gentoo.org/glsa/201607-15
http://www.securitytracker.com/id/1033951
Common Vulnerability Exposure (CVE) ID: CVE-2015-7702
BugTraq ID: 77286
http://www.securityfocus.com/bid/77286
Common Vulnerability Exposure (CVE) ID: CVE-2015-7704
BugTraq ID: 77280
http://www.securityfocus.com/bid/77280
CERT/CC vulnerability note: VU#718152
https://www.kb.cert.org/vuls/id/718152
https://eprint.iacr.org/2015/1020.pdf
https://www.cs.bu.edu/~goldbe/NTPattack.html
RedHat Security Advisories: RHSA-2015:1930
http://rhn.redhat.com/errata/RHSA-2015-1930.html
RedHat Security Advisories: RHSA-2015:2520
http://rhn.redhat.com/errata/RHSA-2015-2520.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-7977
BugTraq ID: 81815
http://www.securityfocus.com/bid/81815
Cisco Security Advisory: 20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd
Debian Security Information: DSA-3629 (Google Search)
http://www.debian.org/security/2016/dsa-3629
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html
FreeBSD Security Advisory: FreeBSD-SA-17:03
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc
http://www.securitytracker.com/id/1034782
SuSE Security Announcement: SUSE-SU-2016:1175 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html
SuSE Security Announcement: SUSE-SU-2016:1177 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html
SuSE Security Announcement: SUSE-SU-2016:1247 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
SuSE Security Announcement: SUSE-SU-2016:1311 (Google Search)
SuSE Security Announcement: SUSE-SU-2016:1912 (Google Search)
SuSE Security Announcement: SUSE-SU-2016:2094 (Google Search)
SuSE Security Announcement: openSUSE-SU-2016:1292 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html
SuSE Security Announcement: openSUSE-SU-2016:1423 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
http://www.ubuntu.com/usn/USN-3096-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-8138
BugTraq ID: 81811
http://www.securityfocus.com/bid/81811
Cisco Security Advisory: 20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd
Cisco Security Advisory: 20161123 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
RedHat Security Advisories: RHSA-2016:0063
http://rhn.redhat.com/errata/RHSA-2016-0063.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-8139
BugTraq ID: 82105
http://www.securityfocus.com/bid/82105
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/
Common Vulnerability Exposure (CVE) ID: CVE-2015-8158
BugTraq ID: 81814
http://www.securityfocus.com/bid/81814
Common Vulnerability Exposure (CVE) ID: CVE-2016-1547
BugTraq ID: 88276
http://www.securityfocus.com/bid/88276
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc
http://www.talosintelligence.com/reports/TALOS-2016-0081/
RedHat Security Advisories: RHSA-2016:1141
https://access.redhat.com/errata/RHSA-2016:1141
RedHat Security Advisories: RHSA-2016:1552
http://rhn.redhat.com/errata/RHSA-2016-1552.html
http://www.securitytracker.com/id/1035705
Common Vulnerability Exposure (CVE) ID: CVE-2016-1548
BugTraq ID: 88264
http://www.securityfocus.com/bid/88264
Bugtraq: 20160429 [slackware-security] ntp (SSA:2016-120-01) (Google Search)
http://www.securityfocus.com/archive/1/538233/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded
https://www.debian.org/security/2016/dsa-3629
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html
http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html
http://www.talosintelligence.com/reports/TALOS-2016-0082/
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0082
SuSE Security Announcement: SUSE-SU-2016:1278 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html
SuSE Security Announcement: SUSE-SU-2016:1291 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html
SuSE Security Announcement: SUSE-SU-2016:1471 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html
SuSE Security Announcement: SUSE-SU-2016:1568 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html
SuSE Security Announcement: openSUSE-SU-2016:1329 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-1550
BugTraq ID: 88261
http://www.securityfocus.com/bid/88261
http://www.talosintelligence.com/reports/TALOS-2016-0084/
https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0084
Common Vulnerability Exposure (CVE) ID: CVE-2016-4954
Bugtraq: 20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp (Google Search)
http://www.securityfocus.com/archive/1/538600/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded
Bugtraq: 20160604 [slackware-security] ntp (SSA:2016-155-01) (Google Search)
http://www.securityfocus.com/archive/1/538599/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded
Bugtraq: 20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS) (Google Search)
http://www.securityfocus.com/archive/1/540683/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded
CERT/CC vulnerability note: VU#321640
http://www.kb.cert.org/vuls/id/321640
https://www.kb.cert.org/vuls/id/321640
Cisco Security Advisory: 20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc
http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html
http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html
http://www.securitytracker.com/id/1036037
SuSE Security Announcement: SUSE-SU-2016:1563 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html
SuSE Security Announcement: SUSE-SU-2016:1584 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html
SuSE Security Announcement: SUSE-SU-2016:1602 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html
SuSE Security Announcement: openSUSE-SU-2016:1583 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html
SuSE Security Announcement: openSUSE-SU-2016:1636 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-7426
BugTraq ID: 94451
http://www.securityfocus.com/bid/94451
CERT/CC vulnerability note: VU#633847
https://www.kb.cert.org/vuls/id/633847
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc
RedHat Security Advisories: RHSA-2017:0252
http://rhn.redhat.com/errata/RHSA-2017-0252.html
http://www.securitytracker.com/id/1037354
https://usn.ubuntu.com/3707-2/
Common Vulnerability Exposure (CVE) ID: CVE-2016-9310
BugTraq ID: 94452
http://www.securityfocus.com/bid/94452
Common Vulnerability Exposure (CVE) ID: CVE-2017-6462
BugTraq ID: 97045
http://www.securityfocus.com/bid/97045
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc
RedHat Security Advisories: RHSA-2017:3071
https://access.redhat.com/errata/RHSA-2017:3071
RedHat Security Advisories: RHSA-2018:0855
https://access.redhat.com/errata/RHSA-2018:0855
http://www.securitytracker.com/id/1038123
Common Vulnerability Exposure (CVE) ID: CVE-2017-6464
BugTraq ID: 97050
http://www.securityfocus.com/bid/97050
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2024 E-Soft Inc. Todos los derechos reservados.