Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLEVM_OVMSA-2017-0038.NASL
HistoryFeb 08, 2017 - 12:00 a.m.

OracleVM 3.3 / 3.4 : ntp (OVMSA-2017-0038)

2017-02-0800:00:00
This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
146

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.967 High

EPSS

Percentile

99.7%

JSON

The remote OracleVM system is missing necessary patches to address critical security updates :

  • add disable monitor to default ntp.conf [CVE-2013-5211]

  • don’t limit rate of packets from sources (CVE-2016-7426)

  • don’t change interface from received packets (CVE-2016-7429)

  • fix calculation of root distance again (CVE-2016-7433)

  • require authentication for trap commands (CVE-2016-9310)

  • fix crash when reporting peer event to trappers (CVE-2016-9311)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from OracleVM
# Security Advisory OVMSA-2017-0038.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(97058);
  script_version("3.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2013-5211", "CVE-2016-7426", "CVE-2016-7429", "CVE-2016-7433", "CVE-2016-9310", "CVE-2016-9311");
  script_bugtraq_id(64692);

  script_name(english:"OracleVM 3.3 / 3.4 : ntp (OVMSA-2017-0038)");
  script_summary(english:"Checks the RPM output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote OracleVM host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote OracleVM system is missing necessary patches to address
critical security updates :

  - add disable monitor to default ntp.conf [CVE-2013-5211]

  - don't limit rate of packets from sources (CVE-2016-7426)

  - don't change interface from received packets
    (CVE-2016-7429)

  - fix calculation of root distance again (CVE-2016-7433)

  - require authentication for trap commands (CVE-2016-9310)

  - fix crash when reporting peer event to trappers
    (CVE-2016-9311)"
  );
  # https://oss.oracle.com/pipermail/oraclevm-errata/2017-February/000645.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?798cb9e7"
  );
  # https://oss.oracle.com/pipermail/oraclevm-errata/2017-February/000646.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?3c07bfe5"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected ntp / ntpdate packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:ntp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:ntpdate");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/02/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/08");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"OracleVM Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/OracleVM/release");
if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
if (! preg(pattern:"^OVS" + "(3\.3|3\.4)" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.3 / 3.4", "OracleVM " + release);
if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

flag = 0;
if (rpm_check(release:"OVS3.3", reference:"ntp-4.2.6p5-10.0.1.el6_8.2")) flag++;
if (rpm_check(release:"OVS3.3", reference:"ntpdate-4.2.6p5-10.0.1.el6_8.2")) flag++;

if (rpm_check(release:"OVS3.4", reference:"ntp-4.2.6p5-10.0.1.el6_8.2")) flag++;
if (rpm_check(release:"OVS3.4", reference:"ntpdate-4.2.6p5-10.0.1.el6_8.2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ntp / ntpdate");
}
VendorProductVersionCPE
oraclevmntpp-cpe:/a:oracle:vm:ntp
oraclevmntpdatep-cpe:/a:oracle:vm:ntpdate
oraclevm_server3.3cpe:/o:oracle:vm_server:3.3
oraclevm_server3.4cpe:/o:oracle:vm_server:3.4

Related

oraclelinux 5
fedora 3
nessus 57
ibm 18
openvas 26
centos 1
redhat 1
amazon 3
mageia 2
slackware 2
huawei 1
archlinux 1
cert 2
symantec 1
freebsd 3
freebsd_advisory 2
cisco 1
aix 2
ubuntu 2
cloudfoundry 1
nvd 6
prion 6
veracode 4
f5 4
cve 6
ubuntucve 5
cvelist 6
threatpost 4
checkpoint_advisories 1
zdt 1
securityvulns 3
suse 1
debiancve 6
exploitpack 1
packetstorm 1
redhatcve 5
gentoo 1
ics 1
checkpoint_security 1
metasploit 1
fortinet 1
oraclelinux
oraclelinux
ntp security update
2017-02-06 00:00:00
ntp security, bug fix, and enhancement update
2018-04-16 00:00:00
ntp security update
2017-10-26 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: ntp-4.2.6p5-43.fc25
2016-12-08 03:53:53
[SECURITY] Fedora 23 Update: ntp-4.2.6p5-43.fc23
2016-12-08 03:20:50
[SECURITY] Fedora 24 Update: ntp-4.2.6p5-43.fc24
2016-12-07 20:21:32
nessus
nessus
Fedora 23 : ntp (2016-e8a8561ee7)
2016-12-08 00:00:00
Oracle Linux 6 / 7 : ntp (ELSA-2017-0252)
2017-02-07 00:00:00
CentOS 6 / 7 : ntp (CESA-2017:0252)
2017-02-07 00:00:00
ibm
ibm
Security Bulletin: Multiple Ntp vulnerability affects IBM Identity Security Governance
2018-06-16 21:59:07
Security Bulletin: Multiple vulnerabilities in NTP affect IBM Security Network Protection
2018-06-16 21:50:34
Security Bulletin: IBM Security Access Manager appliances are affected by multiple Network Time Protocol (NTP) vulnerabilities
2018-06-16 22:01:52
openvas
openvas
Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2017-1023)
2020-01-23 00:00:00
CentOS Update for ntp CESA-2017:0252 centos7
2017-02-07 00:00:00
Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2017-1024)
2020-01-23 00:00:00
centos
centos
ntp, ntpdate, sntp security update
2017-02-06 11:25:17
redhat
redhat
(RHSA-2017:0252) Moderate: ntp security update
2017-02-06 03:59:03
amazon
amazon
Medium: ntp
2017-01-04 17:00:00
Medium: ntp
2018-05-10 17:11:00
Medium: ntp
2021-09-08 23:35:00
mageia
mageia
Updated ntp packages fix security vulnerabilities
2016-12-08 10:33:24
Updated ntp packages work around security vulnerability
2014-01-31 20:44:56
slackware
slackware
[slackware-security] ntp
2016-11-21 19:25:10
ntp
2014-02-13 16:38:35
huawei
huawei
Security Advisory - Multiple NTPd Vulnerabilities in Huawei Products
2017-11-29 00:00:00
archlinux
archlinux
[ASA-201611-28] ntp: multiple issues
2016-11-26 00:00:00
cert
cert
NTP.org ntpd contains multiple denial of service vulnerabilities
2016-11-21 00:00:00
NTP can be abused to amplify denial-of-service attack traffic
2014-01-10 00:00:00
symantec
symantec
SA139 : November 2016 NTP Security Vulnerabilities
2017-01-12 08:00:00
freebsd
freebsd
ntp -- multiple vulnerabilities
2016-11-21 00:00:00
FreeBSD -- Multiple vulnerabilities of ntp
2016-12-22 00:00:00
ntpd DRDoS / Amplification Attack using ntpdc monlist command
2014-01-01 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-16:39.ntp
2016-12-22 00:00:00
FreeBSD-SA-14:02.ntpd
2014-01-14 00:00:00
cisco
cisco
Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
2016-11-23 16:00:00
aix
aix
There are multiple vulnerabilities in NTPv3 and NTPv4 that impact AIX.
2017-02-13 15:32:47
Network Time Protocol (NTP) vulnerability in AIX,Network Time Protocol (NTP) vulnerability in VIOS
2014-06-12 16:24:51
ubuntu
ubuntu
NTP vulnerabilities
2017-07-05 00:00:00
NTP vulnerabilities
2019-01-23 00:00:00
cloudfoundry
cloudfoundry
USN-3349-1: NTP vulnerabilities | Cloud Foundry
2017-08-04 00:00:00
nvd
nvd
CVE-2016-7433
2017-01-13 16:59:00
CVE-2016-7429
2017-01-13 16:59:00
CVE-2016-7426
2017-01-13 16:59:00
prion
prion
Design/Logic Flaw
2017-01-13 16:59:00
Null pointer dereference
2017-01-13 16:59:00
Code injection
2017-01-13 16:59:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 06:30:44
Denial Of Service (DoS)
2019-05-02 06:30:44
Denial Of Service (DoS)
2019-01-15 09:15:56
f5
f5
K51444934 : NTP vulnerability CVE-2016-7426
2016-12-19 00:00:00
K55405388 : NTP vulnerability CVE-2016-9311
2016-12-30 00:00:00
SOL15154 - NTP vulnerability CVE-2013-5211
2014-04-10 00:00:00
cve
cve
CVE-2016-7426
2017-01-13 16:59:00
CVE-2016-9311
2017-01-13 16:59:00
CVE-2016-7429
2017-01-13 16:59:00
ubuntucve
ubuntucve
CVE-2016-9311
2017-01-13 00:00:00
CVE-2016-7429
2017-01-13 00:00:00
CVE-2016-7433
2017-01-13 00:00:00
cvelist
cvelist
CVE-2016-9311
2017-01-13 16:00:00
CVE-2016-7426
2017-01-13 16:00:00
CVE-2016-7429
2017-01-13 16:00:00
threatpost
threatpost
Volume of NTP Amplification Attacks Getting Louder
2014-04-29 13:03:29
NTP Amplification Blamed for 400 Gbps DDoS Attack
2014-02-11 12:21:35
PointDNS Recovers from Massive DDoS Attack
2014-05-12 15:35:26
checkpoint_advisories
checkpoint_advisories
NTP Servers Monlist Command Denial of Service (CVE-2013-5211)
2014-01-19 00:00:00
zdt
zdt
NTP ntpd monlist Query Reflection - Denial of Service
2014-04-29 00:00:00
securityvulns
securityvulns
ntp traffic amplification
2014-01-14 00:00:00
[security bulletin] HPSBUX02960 SSRT101419 rev.1 - HP-UX Running NTP, Remote Denial of Service &#40;DoS&#41;
2014-01-14 00:00:00
TA14-013A: NTP Amplification Attacks Using CVE-2013-5211
2014-01-14 00:00:00
suse
suse
DDoS reflection attacks in ntp
2014-01-20 17:05:38
debiancve
debiancve
CVE-2016-7426
2017-01-13 16:59:00
CVE-2016-7433
2017-01-13 16:59:00
CVE-2016-9311
2017-01-13 16:59:00
exploitpack
exploitpack
NTP ntpd monlist Query Reflection - Denial of Service
2014-04-28 00:00:00
packetstorm
packetstorm
NTP Amplification Denial Of Service Tool
2014-07-16 00:00:00
redhatcve
redhatcve
CVE-2016-7429
2016-11-22 11:17:39
CVE-2016-7426
2016-11-22 11:17:27
CVE-2016-7433
2016-11-22 11:17:34
gentoo
gentoo
NTP: Traffic amplification
2014-01-16 00:00:00
ics
ics
NTP Reflection Attack
2018-09-06 12:00:00
checkpoint_security
checkpoint_security
Blocking NTP access on Gaia OS / IPSO OS (CVE-2013-5211)
2014-03-01 22:00:00
metasploit
metasploit
NTP Monitor List Scanner
2010-01-27 23:25:17
fortinet
fortinet
FortiAnalyzer could potentially be used in NTP amplification attacks
2020-06-22 00:00:00

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.967 High

EPSS

Percentile

99.7%

JSON
Related for ORACLEVM_OVMSA-2017-0038.NASL
oraclelinux5fedora3nessus57ibm18openvas26centos1redhat1amazon3mageia2slackware2huawei1archlinux1cert2symantec1freebsd3freebsd_advisory2cisco1aix2ubuntu2cloudfoundry1nvd6prion6veracode4f54cve6ubuntucve5cvelist6threatpost4checkpoint_advisories1zdt1securityvulns3suse1debiancve6exploitpack1packetstorm1redhatcve5gentoo1ics1checkpoint_security1metasploit1fortinet1