Anfälligkeitssuche        Suche in 187964 CVE Beschreibungen
und 85075 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.105920
Kategorie:JunOS Local Security Checks
Titel:Junos NTP Server Amplification Denial of Service Vulnerability
Zusammenfassung:DoS in NTP server
Beschreibung:Summary:
DoS in NTP server

Vulnerability Insight:
When an NTP client or server is enabled within the [edit system
ntp] hierarchy level of the Junos configuration, REQ_MON_GETLIST and REQ_MON_GETLIST_1 control messages
supported by the monlist feature within NTP may allow remote attackers to cause a denial of service. NTP
is not enabled in Junos by default.

Vulnerability Impact:
If NTP is enabled an attacker can exploit the control messages to use
it as part of a DoS attack against a remote victim or as the target of an attack against the device itself.

Affected Software/OS:
Junos OS 11.4, 12.1, 12.2, 12.3, 13.1, 13.2, 13.3

Solution:
New builds of Junos OS software are available from Juniper.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Querverweis: BugTraq ID: 64692
Common Vulnerability Exposure (CVE) ID: CVE-2013-5211
http://www.securityfocus.com/bid/64692
Cert/CC Advisory: TA14-013A
http://www.us-cert.gov/ncas/alerts/TA14-013A
CERT/CC vulnerability note: VU#348126
http://www.kb.cert.org/vuls/id/348126
HPdes Security Advisory: HPSBOV03505
http://marc.info/?l=bugtraq&m=144182594518755&w=2
HPdes Security Advisory: HPSBUX02960
http://marc.info/?l=bugtraq&m=138971294629419&w=2
HPdes Security Advisory: SSRT101419
http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04
http://openwall.com/lists/oss-security/2013/12/30/6
http://openwall.com/lists/oss-security/2013/12/30/7
http://lists.ntp.org/pipermail/pool/2011-December/005616.html
http://www.securitytracker.com/id/1030433
http://secunia.com/advisories/59288
http://secunia.com/advisories/59726
SuSE Security Announcement: openSUSE-SU-2014:1149 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html
CopyrightThis script is Copyright (C) 2014 Greenbone Networks GmbH

Dies ist nur einer von 85075 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.