pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
a538f1e924
vuln-list-alt/oval/p11/ALT-PU-2018-1361/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

267 lines
13 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20181361",
"Version": "oval:org.altlinux.errata:def:20181361",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2018-1361: package `ntp` update to version 4.2.8p11-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2018-1361",
"RefURL": "https://errata.altlinux.org/ALT-PU-2018-1361",
"Source": "ALTPU"
},
{
"RefID": "BDU:2018-01637",
"RefURL": "https://bdu.fstec.ru/vul/2018-01637",
"Source": "BDU"
},
{
"RefID": "BDU:2019-00216",
"RefURL": "https://bdu.fstec.ru/vul/2019-00216",
"Source": "BDU"
},
{
"RefID": "BDU:2019-00217",
"RefURL": "https://bdu.fstec.ru/vul/2019-00217",
"Source": "BDU"
},
{
"RefID": "BDU:2019-00218",
"RefURL": "https://bdu.fstec.ru/vul/2019-00218",
"Source": "BDU"
},
{
"RefID": "BDU:2019-00219",
"RefURL": "https://bdu.fstec.ru/vul/2019-00219",
"Source": "BDU"
},
{
"RefID": "BDU:2021-00093",
"RefURL": "https://bdu.fstec.ru/vul/2021-00093",
"Source": "BDU"
},
{
"RefID": "CVE-2016-1549",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-1549",
"Source": "CVE"
},
{
"RefID": "CVE-2018-7170",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7170",
"Source": "CVE"
},
{
"RefID": "CVE-2018-7182",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7182",
"Source": "CVE"
},
{
"RefID": "CVE-2018-7183",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7183",
"Source": "CVE"
},
{
"RefID": "CVE-2018-7184",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7184",
"Source": "CVE"
},
{
"RefID": "CVE-2018-7185",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7185",
"Source": "CVE"
}
],
"Description": "This update upgrades ntp to version 4.2.8p11-alt1. \nSecurity Fix(es):\n\n * BDU:2018-01637: Уязвимость реализации протокола синхронизации времени NTP, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-00216: Уязвимость функции decodearr программы мониторинга ntpq реализации протокола синхронизации времени NTP, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2019-00217: Уязвимость демона ntpd реализации протокола синхронизации времени NTP, связанная с ошибками управления ключами, позволяющая нарушителю оказать воздействие на целостность данных\n\n * BDU:2019-00218: Уязвимость программы-демона ntpd реализации протокола синхронизации времени NTP, связанная с ошибками обработки входных данных, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-00219: Уязвимость метода ctl_getitem программы-демона ntpd реализации протокола синхронизации времени NTP, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-00093: Уязвимость сетевого протокола NTP, связанная с ошибкой при обработке данных, позволяющая нарушителю оказать воздействие на целостность данных\n\n * CVE-2016-1549: A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock.\n\n * CVE-2018-7170: ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.\n\n * CVE-2018-7182: The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.\n\n * CVE-2018-7183: Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.\n\n * CVE-2018-7184: ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the \"received\" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.\n\n * CVE-2018-7185: The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the \"other side\" of an interleaved association causing the victim ntpd to reset its association.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2018-03-04"
},
"Updated": {
"Date": "2018-03-04"
},
"BDUs": [
{
"ID": "BDU:2018-01637",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2018-01637",
"Impact": "Low",
"Public": "20180306"
},
{
"ID": "BDU:2019-00216",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"CWE": "CWE-119, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2019-00216",
"Impact": "High",
"Public": "20180308"
},
{
"ID": "BDU:2019-00217",
"CVSS": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-19, CWE-320",
"Href": "https://bdu.fstec.ru/vul/2019-00217",
"Impact": "Low",
"Public": "20180306"
},
{
"ID": "BDU:2019-00218",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2019-00218",
"Impact": "Low",
"Public": "20180306"
},
{
"ID": "BDU:2019-00219",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2019-00219",
"Impact": "Low",
"Public": "20180306"
},
{
"ID": "BDU:2021-00093",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:C/A:N",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-19",
"Href": "https://bdu.fstec.ru/vul/2021-00093",
"Impact": "Low",
"Public": "20170106"
}
],
"CVEs": [
{
"ID": "CVE-2016-1549",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"CWE": "CWE-19",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-1549",
"Impact": "Low",
"Public": "20170106"
},
{
"ID": "CVE-2018-7170",
"CVSS": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-7170",
"Impact": "Low",
"Public": "20180306"
},
{
"ID": "CVE-2018-7182",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-7182",
"Impact": "High",
"Public": "20180306"
},
{
"ID": "CVE-2018-7183",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-7183",
"Impact": "Critical",
"Public": "20180308"
},
{
"ID": "CVE-2018-7184",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-7184",
"Impact": "High",
"Public": "20180306"
},
{
"ID": "CVE-2018-7185",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-7185",
"Impact": "High",
"Public": "20180306"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20181361001",
"Comment": "ntp is earlier than 0:4.2.8p11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181361002",
"Comment": "ntp-aux is earlier than 0:4.2.8p11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181361003",
"Comment": "ntp-doc is earlier than 0:4.2.8p11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181361004",
"Comment": "ntp-utils is earlier than 0:4.2.8p11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181361005",
"Comment": "ntpd is earlier than 0:4.2.8p11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181361006",
"Comment": "ntpdate is earlier than 0:4.2.8p11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181361007",
"Comment": "ntpq is earlier than 0:4.2.8p11-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181361008",
"Comment": "perl-NTP-Util is earlier than 0:4.2.8p11-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink