English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
146377 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.105726
Categoría:CISCO
Título:Cisco IPICS Multiple Vulnerabilities in Network Time Protocol Daemon (cisco-sa-20160127-ntpd)
Resumen:Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package.; Versions of this package are affected by one or more vulnerabilities that could allow an; unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time; being advertised by a device acting as a Network Time Protocol (NTP) server.;; On January 19, 2016, NTP Consortium at Network Time Foundation released a security advisory; detailing 12 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities,; and logic issues that may allow an attacker to shift a client's time. The vulnerabilities covered in; this document are as follows: CVE-2015-7973: Network Time Protocol Replay Attack on Authenticated; Broadcast Mode Vulnerability CVE-2015-7974: Network Time Protocol Missing Trusted Key Check CVE-2015-; 7975: Standard Network Time Protocol Query Program nextvar() Missing Length Check CVE-2015-7976:; Standard Network Time Protocol Query Program saveconfig Command Allows Dangerous Characters in; Filenames CVE-2015-7978: Network Time Protocol Daemon reslist NULL Pointer Deference Denial of; Service Vulnerability CVE-2015-7977: Network Time Protocol Stack Exhaustion Denial of Service CVE-2015-; 7979: Network Time Protocol Off-Path Broadcast Mode Denial of Service CVE-2015-8138: Network Time; Protocol Zero Origin Timestamp Bypass CVE-2015-8139: Network Time Protocol Information Disclosure of; Origin Timestamp CVE-2015-8140: Standard Network Time Protocol Query Program Replay Attack CVE-2015-; 8158: Standard and Special Network Time Protocol Query Program Infinite loop;; Cisco has released software updates that address these vulnerabilities.;; Workarounds that address some of these vulnerabilities may be available. Available workarounds will; be documented in the corresponding Cisco bug for each affected product.
Descripción:Summary:
Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package.
Versions of this package are affected by one or more vulnerabilities that could allow an
unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time
being advertised by a device acting as a Network Time Protocol (NTP) server.

On January 19, 2016, NTP Consortium at Network Time Foundation released a security advisory
detailing 12 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities,
and logic issues that may allow an attacker to shift a client's time. The vulnerabilities covered in
this document are as follows: CVE-2015-7973: Network Time Protocol Replay Attack on Authenticated
Broadcast Mode Vulnerability CVE-2015-7974: Network Time Protocol Missing Trusted Key Check CVE-2015-
7975: Standard Network Time Protocol Query Program nextvar() Missing Length Check CVE-2015-7976:
Standard Network Time Protocol Query Program saveconfig Command Allows Dangerous Characters in
Filenames CVE-2015-7978: Network Time Protocol Daemon reslist NULL Pointer Deference Denial of
Service Vulnerability CVE-2015-7977: Network Time Protocol Stack Exhaustion Denial of Service CVE-2015-
7979: Network Time Protocol Off-Path Broadcast Mode Denial of Service CVE-2015-8138: Network Time
Protocol Zero Origin Timestamp Bypass CVE-2015-8139: Network Time Protocol Information Disclosure of
Origin Timestamp CVE-2015-8140: Standard Network Time Protocol Query Program Replay Attack CVE-2015-
8158: Standard and Special Network Time Protocol Query Program Infinite loop

Cisco has released software updates that address these vulnerabilities.

Workarounds that address some of these vulnerabilities may be available. Available workarounds will
be documented in the corresponding Cisco bug for each affected product.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-7974
BugTraq ID: 81960
http://www.securityfocus.com/bid/81960
Debian Security Information: DSA-3629 (Google Search)
http://www.debian.org/security/2016/dsa-3629
FreeBSD Security Advisory: FreeBSD-SA-16:09
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc
https://security.gentoo.org/glsa/201607-15
http://www.talosintel.com/reports/TALOS-2016-0071/
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
RedHat Security Advisories: RHSA-2016:2583
http://rhn.redhat.com/errata/RHSA-2016-2583.html
http://www.securitytracker.com/id/1034782
Common Vulnerability Exposure (CVE) ID: CVE-2015-7975
BugTraq ID: 81959
http://www.securityfocus.com/bid/81959
CERT/CC vulnerability note: VU#718152
https://www.kb.cert.org/vuls/id/718152
Cisco Security Advisory: 20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd
SuSE Security Announcement: SUSE-SU-2016:1175 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html
SuSE Security Announcement: SUSE-SU-2016:1177 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html
SuSE Security Announcement: SUSE-SU-2016:1247 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
SuSE Security Announcement: SUSE-SU-2016:1311 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
SuSE Security Announcement: SUSE-SU-2016:1912 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
SuSE Security Announcement: SUSE-SU-2016:2094 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
SuSE Security Announcement: openSUSE-SU-2016:1292 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html
SuSE Security Announcement: openSUSE-SU-2016:1423 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
http://www.ubuntu.com/usn/USN-3096-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-7976
Common Vulnerability Exposure (CVE) ID: CVE-2015-7978
BugTraq ID: 81962
http://www.securityfocus.com/bid/81962
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html
RedHat Security Advisories: RHSA-2016:0780
http://rhn.redhat.com/errata/RHSA-2016-0780.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-7977
BugTraq ID: 81815
http://www.securityfocus.com/bid/81815
Common Vulnerability Exposure (CVE) ID: CVE-2015-7979
BugTraq ID: 81816
http://www.securityfocus.com/bid/81816
RedHat Security Advisories: RHSA-2016:1141
https://access.redhat.com/errata/RHSA-2016:1141
RedHat Security Advisories: RHSA-2016:1552
http://rhn.redhat.com/errata/RHSA-2016-1552.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-8138
BugTraq ID: 81811
http://www.securityfocus.com/bid/81811
Cisco Security Advisory: 20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd
Cisco Security Advisory: 20161123 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd
https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19
RedHat Security Advisories: RHSA-2016:0063
http://rhn.redhat.com/errata/RHSA-2016-0063.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-8139
BugTraq ID: 82105
http://www.securityfocus.com/bid/82105
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/
Common Vulnerability Exposure (CVE) ID: CVE-2015-8140
Common Vulnerability Exposure (CVE) ID: CVE-2015-8158
BugTraq ID: 81814
http://www.securityfocus.com/bid/81814
Common Vulnerability Exposure (CVE) ID: CVE-2015-7973
BugTraq ID: 81963
http://www.securityfocus.com/bid/81963
CopyrightCopyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.