Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2017-511.NASL
HistoryApr 27, 2017 - 12:00 a.m.

openSUSE Security Update : ntp (openSUSE-2017-511)

2017-04-2700:00:00
This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
40

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.089 Low

EPSS

Percentile

94.6%

JSON

This ntp update to version 4.2.8p10 fixes serveral issues.

This updated enables leap smearing. See /usr/share/doc/packages/ntp/README.leapsmear for details.

Security issues fixed (bsc#1030050) :

  • CVE-2017-6464: Denial of Service via Malformed Config

  • CVE-2017-6462: Buffer Overflow in DPTS Clock

  • CVE-2017-6463: Authenticated DoS via Malicious Config Option

  • CVE-2017-6458: Potential Overflows in ctl_put() functions

  • CVE-2017-6451: Improper use of snprintf() in mx4200_send()

  • CVE-2017-6460: Buffer Overflow in ntpq when fetching reslist

  • CVE-2016-9042: 0rigin (zero origin) DoS.

  • ntpq_stripquotes() returns incorrect Value

  • ereallocarray()/eallocarray() underused

  • Copious amounts of Unused Code

  • Off-by-one in Oncore GPS Receiver

  • Makefile does not enforce Security Flags

Bugfixes :

  • Remove spurious log messages (bsc#1014172).

  • clang scan-build findings

  • Support for openssl-1.1.0 without compatibility modes

  • Bugfix 3072 breaks multicastclient

  • forking async worker: interrupted pipe I/O

  • (โ€ฆ) time_pps_create: Exec format error

  • Incorrect Logic for Peer Event Limiting

  • Change the process name of forked DNS worker

  • Trap Configuration Fail

  • Nothing happens if minsane < maxclock < minclock

  • allow -4/-6 on restrict line with mask

  • out-of-bound pointers in ctl_putsys and decode_bitflags

  • Move ntp-kod to /var/lib/ntp, because /var/db is not a standard directory and causes problems for transactional updates.

This update was imported from the SUSE:SLE-12-SP1:Update update project.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2017-511.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(99700);
  script_version("3.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2016-9042", "CVE-2017-6451", "CVE-2017-6458", "CVE-2017-6460", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464");

  script_name(english:"openSUSE Security Update : ntp (openSUSE-2017-511)");
  script_summary(english:"Check for the openSUSE-2017-511 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This ntp update to version 4.2.8p10 fixes serveral issues.

This updated enables leap smearing. See
/usr/share/doc/packages/ntp/README.leapsmear for details.

Security issues fixed (bsc#1030050) :

  - CVE-2017-6464: Denial of Service via Malformed Config

  - CVE-2017-6462: Buffer Overflow in DPTS Clock

  - CVE-2017-6463: Authenticated DoS via Malicious Config
    Option

  - CVE-2017-6458: Potential Overflows in ctl_put()
    functions

  - CVE-2017-6451: Improper use of snprintf() in
    mx4200_send()

  - CVE-2017-6460: Buffer Overflow in ntpq when fetching
    reslist

  - CVE-2016-9042: 0rigin (zero origin) DoS.

  - ntpq_stripquotes() returns incorrect Value

  - ereallocarray()/eallocarray() underused

  - Copious amounts of Unused Code

  - Off-by-one in Oncore GPS Receiver

  - Makefile does not enforce Security Flags

Bugfixes :

  - Remove spurious log messages (bsc#1014172).

  - clang scan-build findings

  - Support for openssl-1.1.0 without compatibility modes

  - Bugfix 3072 breaks multicastclient

  - forking async worker: interrupted pipe I/O

  - (...) time_pps_create: Exec format error

  - Incorrect Logic for Peer Event Limiting

  - Change the process name of forked DNS worker

  - Trap Configuration Fail

  - Nothing happens if minsane < maxclock < minclock

  - allow -4/-6 on restrict line with mask

  - out-of-bound pointers in ctl_putsys and decode_bitflags

  - Move ntp-kod to /var/lib/ntp, because /var/db is not a
    standard directory and causes problems for transactional
    updates.

This update was imported from the SUSE:SLE-12-SP1:Update update
project."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1014172"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1030050"
  );
  # https://features.opensuse.org/321003
  script_set_attribute(
    attribute:"see_also",
    value:"https://features.opensuse.org/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected ntp packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ntp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ntp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ntp-debugsource");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/04/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/27");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.1|SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1 / 42.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.1", reference:"ntp-4.2.8p10-31.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"ntp-debuginfo-4.2.8p10-31.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"ntp-debugsource-4.2.8p10-31.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"ntp-4.2.8p10-29.3.2") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"ntp-debuginfo-4.2.8p10-29.3.2") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"ntp-debugsource-4.2.8p10-29.3.2") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ntp / ntp-debuginfo / ntp-debugsource");
}
VendorProductVersionCPE
novellopensusentpp-cpe:/a:novell:opensuse:ntp
novellopensusentp-debuginfop-cpe:/a:novell:opensuse:ntp-debuginfo
novellopensusentp-debugsourcep-cpe:/a:novell:opensuse:ntp-debugsource
novellopensuse42.1cpe:/o:novell:opensuse:42.1
novellopensuse42.2cpe:/o:novell:opensuse:42.2

Related

nessus 48
openvas 19
fedora 3
ibm 14
amazon 2
mageia 1
freebsd 1
freebsd_advisory 1
aix 1
slackware 1
symantec 1
redhat 2
centos 2
oraclelinux 3
ubuntu 2
cloudfoundry 1
cve 7
prion 7
redhatcve 7
cvelist 7
nvd 7
f5 7
debiancve 7
paloalto 1
ubuntucve 7
checkpoint_advisories 1
veracode 4
talos 1
seebug 1
ics 1
apple 2
nessus
nessus
SUSE SLES11 Security Update : ntp (SUSE-SU-2017:1052-1)
2017-04-19 00:00:00
SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2017:1048-1)
2017-04-19 00:00:00
SUSE SLES12 Security Update : ntp (SUSE-SU-2017:1047-1)
2017-04-19 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2017:1052-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:1047-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:1048-1)
2021-04-19 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: ntp-4.2.8p10-1.fc26
2017-04-01 18:10:49
[SECURITY] Fedora 25 Update: ntp-4.2.6p5-44.fc25
2017-03-29 01:35:03
[SECURITY] Fedora 24 Update: ntp-4.2.6p5-44.fc24
2017-04-18 16:49:59
ibm
ibm
Security Bulletin: Vulnerabilities in ntp affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems
2023-04-14 14:32:25
Security Bulletin: Multiple vulnerabilities in ntp affect IBM Flex System Manager (FSM)
2018-06-18 01:38:11
Security Bulletin: Vulnerabilities in NTP affect IBM Chassis Management Module
2019-01-31 02:25:02
amazon
amazon
Medium: ntp
2017-04-20 05:54:00
Medium: ntp
2018-05-10 17:11:00
mageia
mageia
Updated ntp packages fix security vulnerability
2017-05-09 09:35:29
freebsd
freebsd
FreeBSD -- Multiple vulnerabilities of ntp
2017-04-12 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-17:03.ntp
2017-04-12 00:00:00
aix
aix
There are multiple vulnerabilities in NTPv3 and NTPv4 that impact AIX,There are multiple vulnerabilities in NTPv3 and NTPv4 that impact AIX.,There are multiple vulnerabilities in NTPv3 and NTPv4 that impact VIOS
2017-07-06 14:53:51
slackware
slackware
[slackware-security] ntp
2017-04-22 16:42:41
symantec
symantec
SA147 : March 2017 NTP Security Vulnerabilities
2017-04-13 08:00:00
redhat
redhat
(RHSA-2018:0855) Moderate: ntp security, bug fix, and enhancement update
2018-04-10 05:02:34
(RHSA-2017:3071) Moderate: ntp security update
2017-10-26 06:19:03
centos
centos
ntp, ntpdate security update
2017-10-26 11:47:10
ntp, ntpdate, sntp security update
2018-04-26 17:47:34
oraclelinux
oraclelinux
ntp security update
2018-12-19 00:00:00
ntp security, bug fix, and enhancement update
2018-04-16 00:00:00
ntp security update
2017-10-26 00:00:00
ubuntu
ubuntu
NTP vulnerabilities
2017-07-05 00:00:00
NTP vulnerabilities
2019-01-23 00:00:00
cloudfoundry
cloudfoundry
USN-3349-1: NTP vulnerabilities | Cloud Foundry
2017-08-04 00:00:00
cve
cve
CVE-2016-9042
2018-06-04 20:29:00
CVE-2017-6460
2017-03-27 17:59:00
CVE-2017-6451
2017-03-27 17:59:00
prion
prion
Race condition
2018-06-04 20:29:00
Stack overflow
2017-03-27 17:59:00
Out-of-bounds
2017-03-27 17:59:00
redhatcve
redhatcve
CVE-2016-9042
2017-03-22 02:17:57
CVE-2017-6460
2017-03-22 02:18:22
CVE-2017-6451
2017-03-22 02:18:05
cvelist
cvelist
CVE-2016-9042
2017-03-29 00:00:00
CVE-2017-6460
2017-03-27 17:00:00
CVE-2017-6451
2017-03-27 17:00:00
nvd
nvd
CVE-2016-9042
2018-06-04 20:29:00
CVE-2017-6460
2017-03-27 17:59:00
CVE-2017-6451
2017-03-27 17:59:00
f5
f5
K39041624 : NTP vulnerability CVE-2016-9042
2017-05-11 00:00:00
K31310492 : NTP vulnerability CVE-2017-6460
2017-05-08 00:00:00
K32262483 : NTP vulnerability CVE-2017-6451
2017-05-08 00:00:00
debiancve
debiancve
CVE-2016-9042
2018-06-04 20:29:00
CVE-2017-6460
2017-03-27 17:59:00
CVE-2017-6451
2017-03-27 17:59:00
paloalto
paloalto
NTP Vulnerability
2017-07-27 17:15:00
ubuntucve
ubuntucve
CVE-2017-6460
2017-03-27 00:00:00
CVE-2017-6451
2017-03-27 00:00:00
CVE-2017-6464
2017-03-27 00:00:00
checkpoint_advisories
checkpoint_advisories
Network Time Protocol Daemon peer xmit mode Denial of Service (CVE-2017-6464)
2017-05-11 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 06:37:19
Arbitrary Code Execution
2020-09-21 06:30:33
Denial Of Service (DoS)
2019-01-15 09:19:43
talos
talos
Network Time Protocol Origin Timestamp Check Denial of Service Vulnerability
2017-03-29 00:00:00
seebug
seebug
Network Time Protocol Origin Timestamp Check Denial of Service Vulnerability(CVE-2016-9042)
2017-09-20 00:00:00
ics
ics
Siemens SIMATIC NET CP 443-1 OPC UA
2021-06-08 12:00:00
apple
apple
About the security content of macOS High Sierra 10.13
2017-09-25 00:00:00
About the security content of macOS High Sierra 10.13 - Apple Support
2020-02-06 07:51:09

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.089 Low

EPSS

Percentile

94.6%

JSON
Related for OPENSUSE-2017-511.NASL
nessus48openvas19fedora3ibm14amazon2mageia1freebsd1freebsd_advisory1aix1slackware1symantec1redhat2centos2oraclelinux3ubuntu2cloudfoundry1cve7prion7redhatcve7cvelist7nvd7f57debiancve7paloalto1ubuntucve7checkpoint_advisories1veracode4talos1seebug1ics1apple2