ID de Prueba:	1.3.6.1.4.1.25623.1.0.106110
Categoría:	Web application abuses
Título:	Meinberg LANTIME < 6.20.005 Multiple Vulnerabilities (MBGSA-1604)
Resumen:	Meinberg LANTIME NTP Timeserver devices are prone to multiple; vulnerabilities.
Descripción:	Summary: Meinberg LANTIME NTP Timeserver devices are prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - CVE-2016-3962: Remote stack buffer overflow vulnerability involving parsing of parameter in POST request in function provides privilege of web server 'nobody'. - CVE-2016-3988: Remote stack buffer overflow vulnerability is present while parsing nine different parameters in POST request in function. - CVE-2016-3989: Weak access controls allow for privilege escalation from 'nobody' to 'root' user. 'nobody' has permissions to alter script that can only run as 'root'. - CVE-2016-4953, CVE-2016-4954, CVE-2016-4955, CVE-2016-4956, CVE-2016-4957: Multiple vulnerabilities in NTP. Vulnerability Impact: Successful exploitation of these vulnerabilities could cause a buffer overflow condition that may allow escalation to root privileges. Affected Software/OS: Meinberg LANTIME devices with firmware versions prior to 6.20.005. Solution: Update to firmware version 6.20.005 or later. CVSS Score: 8.5 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-3962 https://www.exploit-db.com/exploits/40120/ https://ics-cert.us-cert.gov/advisories/ICSA-16-175-03 Common Vulnerability Exposure (CVE) ID: CVE-2016-3988 Common Vulnerability Exposure (CVE) ID: CVE-2016-3989 Common Vulnerability Exposure (CVE) ID: CVE-2016-4953 BugTraq ID: 91010 http://www.securityfocus.com/bid/91010 Bugtraq: 20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp (Google Search) http://www.securityfocus.com/archive/1/538600/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded Bugtraq: 20160604 [slackware-security] ntp (SSA:2016-155-01) (Google Search) http://www.securityfocus.com/archive/1/538599/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded Bugtraq: 20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS) (Google Search) http://www.securityfocus.com/archive/1/540683/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded CERT/CC vulnerability note: VU#321640 http://www.kb.cert.org/vuls/id/321640 https://www.kb.cert.org/vuls/id/321640 Cisco Security Advisory: 20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd FreeBSD Security Advisory: FreeBSD-SA-16:24 https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc https://security.gentoo.org/glsa/201607-15 http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11 http://www.securitytracker.com/id/1036037 SuSE Security Announcement: SUSE-SU-2016:1563 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html SuSE Security Announcement: SUSE-SU-2016:1568 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html SuSE Security Announcement: SUSE-SU-2016:1584 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html SuSE Security Announcement: SUSE-SU-2016:1602 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html SuSE Security Announcement: SUSE-SU-2016:1912 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html SuSE Security Announcement: SUSE-SU-2016:2094 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html SuSE Security Announcement: openSUSE-SU-2016:1583 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html SuSE Security Announcement: openSUSE-SU-2016:1636 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html Common Vulnerability Exposure (CVE) ID: CVE-2016-4954 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/ http://www.ubuntu.com/usn/USN-3096-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-4955 BugTraq ID: 91007 http://www.securityfocus.com/bid/91007 Common Vulnerability Exposure (CVE) ID: CVE-2016-4956 BugTraq ID: 91009 http://www.securityfocus.com/bid/91009 Common Vulnerability Exposure (CVE) ID: CVE-2016-4957
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.