Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2016-054-04
HistoryFeb 23, 2016 - 7:51 p.m.

[slackware-security] ntp

2016-02-2319:51:20
Slackware Linux Project
www.slackware.com
37

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

0.097 Low

EPSS

Percentile

94.8%

JSON

New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:

patches/packages/ntp-4.2.8p6-i486-1_slack14.1.txz: Upgraded.
In addition to bug fixes and enhancements, this release fixes
several low and medium severity vulnerabilities.
For more information, see:
https://vulners.com/cve/CVE-2015-5300
https://vulners.com/cve/CVE-2015-7973
https://vulners.com/cve/CVE-2015-7974
https://vulners.com/cve/CVE-2015-7975
https://vulners.com/cve/CVE-2015-7976
https://vulners.com/cve/CVE-2015-7977
https://vulners.com/cve/CVE-2015-7978
https://vulners.com/cve/CVE-2015-7979
https://vulners.com/cve/CVE-2015-8138
https://vulners.com/cve/CVE-2015-8158
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8p6-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8p6-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8p6-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8p6-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8p6-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8p6-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8p6-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8p6-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8p6-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8p6-x86_64-1_slack14.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8p6-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8p6-x86_64-1.txz

MD5 signatures:

Slackware 13.0 package:
31365ae4f12849e65d4ad1c8c7d5f89a ntp-4.2.8p6-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
5a2d24bdacd8dd05ab9e0613c829212b ntp-4.2.8p6-x86_64-1_slack13.0.txz

Slackware 13.1 package:
e70f7422bc81c144e6fac1df2c202634 ntp-4.2.8p6-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
f6637f6d24b94a6b17c68467956a6283 ntp-4.2.8p6-x86_64-1_slack13.1.txz

Slackware 13.37 package:
82601e105f95e324dfd1e2f0df513673 ntp-4.2.8p6-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
d3ba32d46f7eef8f75a3444bbee4c677 ntp-4.2.8p6-x86_64-1_slack13.37.txz

Slackware 14.0 package:
c5ff13e58fbbea0b7a677e947449e7b1 ntp-4.2.8p6-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
9e2abfaf0b0b7bf84a8a4db89f60eff6 ntp-4.2.8p6-x86_64-1_slack14.0.txz

Slackware 14.1 package:
e1e6b84808b7562314e0e29479153553 ntp-4.2.8p6-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
8db0a4ca68805c7f5e487d5bcd69d098 ntp-4.2.8p6-x86_64-1_slack14.1.txz

Slackware -current package:
f96f443f54a74c20b5eb67467f5958ea n/ntp-4.2.8p6-i586-1.txz

Slackware x86_64 -current package:
5e256f2e1906b4c75047a966996a7a41 n/ntp-4.2.8p6-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg ntp-4.2.8p6-i486-1_slack14.1.txz

Then, restart the NTP daemon:

> sh /etc/rc.d/rc.ntpd restart

Related

paloalto 1
nessus 39
openvas 26
suse 5
freebsd 1
freebsd_advisory 1
cisco 1
fedora 2
symantec 1
mageia 1
amazon 1
aix 2
ibm 14
debian 2
ubuntu 1
cloudfoundry 1
osv 2
ubuntucve 9
f5 16
cert 1
ics 1
centos 2
redhat 2
oraclelinux 3
cve 9
talos 8
debiancve 10
cvelist 10
prion 10
veracode 5
nvd 10
checkpoint_security 1
archlinux 1
paloalto
paloalto
NTP Vulnerabilities
2016-08-15 00:00:00
nessus
nessus
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : ntp (SSA:2016-054-04)
2016-02-24 00:00:00
SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1175-1)
2016-05-02 00:00:00
openSUSE Security Update : ntp (openSUSE-2016-578)
2016-05-13 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2016-054-04)
2022-04-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:1175-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:1177-1)
2021-04-19 00:00:00
suse
suse
Security update for ntp (important)
2016-04-28 19:09:34
Security update for ntp (important)
2016-05-12 21:07:47
Security update for ntp (important)
2016-04-28 19:13:09
freebsd
freebsd
ntp -- multiple vulnerabilities
2016-01-20 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-16:09.ntp
2016-01-27 00:00:00
cisco
cisco
Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016
2016-01-27 20:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: ntp-4.2.6p5-36.fc23
2016-01-30 18:28:19
[SECURITY] Fedora 22 Update: ntp-4.2.6p5-36.fc22
2016-02-21 02:33:52
symantec
symantec
SA113 : January 2016 NTP Security Vulnerabilities
2016-03-03 08:00:00
mageia
mageia
Updated ntp packages fix security vulnerability
2016-01-29 14:02:50
amazon
amazon
Important: ntp
2016-02-09 13:30:00
aix
aix
Vulnerabilities in NTP affect AIX,Vulnerabilities in NTP affect VIOS
2016-06-08 13:17:48
Vulnerability in NTPv4 affects AIX
2016-02-22 08:06:13
ibm
ibm
Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru Firmware, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM BladeCenter
2023-04-14 14:32:25
Security Bulletin: Vulnerabilities in NTP affect IBM Flex System Chassis Management Module
2019-01-31 02:25:02
Security Bulletin: Vulnerabilities in ntp affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems (CVE-2015-8138 CVE-2015-5300)
2023-04-14 14:32:25
debian
debian
[SECURITY] [DSA 3629-1] ntp security update
2016-07-25 21:15:32
[SECURITY] [DLA 559-1] ntp security update
2016-07-25 21:37:14
ubuntu
ubuntu
NTP vulnerabilities
2016-10-05 00:00:00
cloudfoundry
cloudfoundry
USN-3096-1: NTP vulnerabilities | Cloud Foundry
2016-12-21 00:00:00
osv
osv
ntp - security update
2016-07-25 00:00:00
ntp - security update
2016-07-25 00:00:00
ubuntucve
ubuntucve
CVE-2015-7978
2015-12-31 00:00:00
CVE-2015-7977
2015-12-31 00:00:00
CVE-2015-7976
2015-12-31 00:00:00
f5
f5
SOL06288381 - NTP vulnerabilities CVE-2015-7977 and CVE-2015-7978
2016-02-22 00:00:00
K06288381 : NTP vulnerabilities CVE-2015-7977 and CVE-2015-7978
2016-02-22 00:00:00
SOL21230183 - NTP vulnerability CVE-2015-7976
2016-02-22 00:00:00
cert
cert
NTP.org ntpd contains multiple vulnerabilities
2016-04-27 00:00:00
ics
ics
Siemens TIM 4R-IE Devices
2021-04-13 12:00:00
centos
centos
ntp, ntpdate, sntp security update
2016-11-25 16:00:55
ntp, ntpdate, sntp security update
2016-01-25 14:27:37
redhat
redhat
(RHSA-2016:2583) Moderate: ntp security and bug fix update
2016-11-03 06:07:15
(RHSA-2016:0063) Important: ntp security update
2016-01-25 00:00:00
oraclelinux
oraclelinux
ntp security and bug fix update
2016-11-09 00:00:00
ntp security and bug fix update
2016-05-12 00:00:00
ntp security update
2016-01-25 00:00:00
cve
cve
CVE-2015-7976
2017-01-30 21:59:00
CVE-2015-7974
2016-01-26 19:59:00
CVE-2015-8138
2017-01-30 21:59:00
talos
talos
Network Time Protocol ntpq Special Character Filtering Vulnerability
2016-01-19 00:00:00
Network Time Protocol Deja Vu: Broadcast Mode Replay Vulnerability
2016-01-19 00:00:00
Network Time Protocol Origin Timestamp Check Impersonation Vulnerability
2016-01-19 00:00:00
debiancve
debiancve
CVE-2015-7976
2017-01-30 21:59:00
CVE-2015-7978
2017-01-30 21:59:00
CVE-2015-7979
2017-01-30 21:59:00
cvelist
cvelist
CVE-2015-7973
2017-01-30 21:00:00
CVE-2015-7978
2017-01-30 21:00:00
CVE-2015-7977
2017-01-30 21:00:00
prion
prion
Design/Logic Flaw
2017-01-30 21:59:00
Design/Logic Flaw
2017-01-30 21:59:00
Code injection
2017-01-30 21:59:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:29:37
Denial Of Service (DoS)
2019-05-02 05:29:37
Denial Of Service (DoS)
2019-01-15 09:11:41
nvd
nvd
CVE-2015-7973
2017-01-30 21:59:00
CVE-2015-7974
2016-01-26 19:59:00
CVE-2015-7978
2017-01-30 21:59:00
checkpoint_security
checkpoint_security
Check Point response to NTP "panic threshold" Bypass Vulnerability (CVE-2015-5300)
2016-02-02 07:14:32
archlinux
archlinux
ntp: time alteration
2016-01-17 00:00:00

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

0.097 Low

EPSS

Percentile

94.8%

JSON
Related for SSA-2016-054-04
paloalto1nessus39openvas26suse5freebsd1freebsd_advisory1cisco1fedora2symantec1mageia1amazon1aix2ibm14debian2ubuntu1cloudfoundry1osv2ubuntucve9f516cert1ics1centos2redhat2oraclelinux3cve9talos8debiancve10cvelist10prion10veracode5nvd10checkpoint_security1archlinux1