var-201412-0612
Vulnerability from variot
The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets. The NTP Project ntpd version 4.2.7 and pervious versions contain several vulnerabilities. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys. These vulnerabilities may affect ntpd acting as a server or client. Network Time Protocol is prone to an unspecified security vulnerability. Little is known about this issue or its effects at this time. We will update this BID as more information emerges. Network Time Protocol 4.2.7 is vulnerable; other versions may also be affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
============================================================================= FreeBSD-SA-14:31.ntp Security Advisory The FreeBSD Project
Topic: Multiple vulnerabilities in NTP suite
Category: contrib Module: ntp Announced: 2014-12-23 Affects: All supported versions of FreeBSD. Corrected: 2014-14-22 19:07:16 UTC (stable/10, 10.1-STABLE) 2014-12-23 22:56:01 UTC (releng/10.1, 10.1-RELEASE-p3) 2014-12-23 22:55:14 UTC (releng/10.0, 10.0-RELEASE-p15) 2014-14-22 19:08:09 UTC (stable/9, 9.3-STABLE) 2014-12-23 22:54:25 UTC (releng/9.3, 9.3-RELEASE-p7) 2014-12-23 22:53:44 UTC (releng/9.2, 9.2-RELEASE-p17) 2014-12-23 22:53:03 UTC (releng/9.1, 9.1-RELEASE-p24) 2014-14-22 19:08:09 UTC (stable/8, 8.4-STABLE) 2014-12-23 22:52:22 UTC (releng/8.4, 8.4-RELEASE-p21) CVE Name: CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
I.
II. [CVE-2014-9293] The ntp-keygen(8) utility is also affected by a similar issue. [CVE-2014-9294]
When Autokey Authentication is enabled, for example if ntp.conf(5) contains a 'crypto pw' directive, a remote attacker can send a carefully crafted packet that can overflow a stack buffer. [CVE-2014-9295]
In ntp_proto.c, the receive() function is missing a return statement in the case when an error is detected. [CVE-2014-9296]
III. Impact
The NTP protocol uses keys to implement authentication. The weak seeding of the pseudo-random number generator makes it easier for an attacker to brute-force keys, and thus may broadcast incorrect time stamps or masquerade as another time server. [CVE-2014-9293, CVE-2014-9294]
An attacker may be able to utilize the buffer overflow to crash the ntpd(8) daemon or potentially run arbitrary code with the privileges of the ntpd(8) process, which is typically root. [CVE-2014-9295]
IV. Workaround
No workaround is available, but systems not running ntpd(8) are not affected. Because the issue may lead to remote root compromise, the FreeBSD Security Team recommends system administrators to firewall NTP ports, namely tcp/123 and udp/123 when it is not clear that all systems have been patched or have ntpd(8) stopped.
V. Solution
NOTE WELL: It is advisable to regenerate all keys used for NTP authentication, if configured.
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch
fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch.asc
gpg --verify ntp.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in
Restart the ntpd(8) daemons, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r276073 releng/8.4/ r276154 stable/9/ r276073 releng/9.1/ r276155 releng/9.2/ r276156 releng/9.3/ r276157 stable/10/ r276072 releng/10.0/ r276158 releng/10.1/ r276159
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII. References
The latest revision of this advisory is available at
iQIcBAEBCgAGBQJUmfSAAAoJEO1n7NZdz2rnV/IQAMeAuVbyKDMu3mec0ErpL5z8 OcSxVxKWH9udDJQkpiw6OaU4ks7PGOH/PgAad0mIhWPflXtpUlWMQtUa54Ds4s/t NjknM2vS4sBMZLk0Poqsts0TohfwdxF+CT8OCZARA2i3t70Ov0Y9BeoCatL2rnS+ rPbhhlnQXrsAJDCKcjSrYw+37cDNEdcvk4UKhiKh76J6CXwn2cT6h1dXTMFyImWq slTNlkJV6iFMNYn3oSA8nCVEJVMw2XQwVfg2qzkpZcuDGKE5fFpdvX3VcRP7b2cq zwSClt29B7FF3EjrplRuEdgxDk8m9PjVbUz9tocLPIqV0RjhTA9j7MhNcWH5G3Dh u6NQDsA0WzE8Ki2mrWpTEAFp21ZzSyXXtZ703XYiXbQKNG9lKEFv5Z8ffVHSrUT7 uB2BsP+LrnnWNNdjkRSSSxrfy4CvFLsdQ9FI1FNz+oofEio6yPO+W47pBH//Nbj0 wfeReW1OlbrtWF6NHZr4CfX+Lx9hu4CXXdXRWKdMDTYUywr0V6BiIsrNlN1z7XCy 90+43twFhGBsOSVD5PpcDmt9oEYfpwWKdXO6dXClCo+mxAki/fgf5Y24cTT9DTQn CKuVZuyaMi+HZ0jf2sKITQ03S8+Nrn7cZEXkIGScfT5z1Y8pcN+7bRhB1DpaCs0q IIw6TjJXQm8DTMuBIwf3 =oSCq -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04554677
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04554677 Version: 1
HPSBUX03240 SSRT101872 rev.1 - HP-UX Running NTP, Remote Execution of Code, Denial of Service (DoS), or Other Vulnerabilties
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-02-18 Last Updated: 2015-02-18
Potential Security Impact: Remote execution of code, Denial of Service (DoS), or other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running NTP. These could be exploited remotely to execute code, create a Denial of Service (DoS), or other vulnerabilities.
References:
CVE-2014-9293 - Insufficient Entropy in Pseudo-Random Number Generator (PRNG) (CWE-332) CVE-2014-9294 - Use of Cryptographically Weak PRNG (CWE-338) CVE-2014-9295 - Stack Buffer Overflow (CWE-121) CVE-2014-9296 - Error Conditions, Return Values, Status Codes (CWE-389) CVE-2014-9297 - Improper Check for Unusual or Exceptional Conditions (CWE-754) SSRT101872 VU#852879
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.31 running NTP version C.4.2.6.4.0 or previous HP-UX B.11.23 running XNTP version 3.5 or previous
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-9293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9294 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9295 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9296 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9297 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following patch for HP-UX B.11.31. A workaround for HP-UX B.11.23 and B.11.11 to temporarily resolve these vulnerabilities follows below.
The B.11.31 patch is available from: ftp://ntp42650:Secure12@h2.usa.hp.com or https://h20392.www2.hp.com/portal/sw depot/displayProductInfo.do?productNumber=HPUX-NTP
Mitigation steps for HP-UX B.11.23 and B.11.11 for CVE-2014-9295
Restrict query for server status (Time Service is not affected) from ntpq/ntpdc by enabling .noquery. using the restrict command in /etc/ntp.conf file.
Reference: http://support.ntp.org/bin/view/Main/SecurityNotice
NOTE: This bulletin will be revised when patches for XNTP v3.5 on B.11.23 and B.11.11 become available.
MANUAL ACTIONS: No
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.31
NTP.INETSVCS2-BOOT NTP.NTP-AUX NTP.NTP-RUN action: install revision C.4.2.6.5.0 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 18 February 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
On December 19, 2014, NTP.org and US-CERT released security advisories detailing two issues regarding weak cryptographic pseudorandom number generation (PRNG), three buffer overflow vulnerabilities, and an unhandled error condition with an unknown impact.
Cisco will release free software updates that address these vulnerabilities. This situation may be exploitable by an attacker (CVE-2014-9296).
Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in ntp_crypto.c, which could lead to information leakage or denial of service (CVE-2014-9297).
Stephen Roettger of the Google Security Team reported that ACLs based on IPv6 ::1 (localhost) addresses can be bypassed (CVE-2014-9298).
The ntp package has been patched to fix these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9297 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9298 http://advisories.mageia.org/MGASA-2014-0541.html http://advisories.mageia.org/MGASA-2015-0063.html
Updated Packages:
Mandriva Business Server 2/X86_64: 8f7d14b95c55bd1de7230cff0c8ea9d7 mbs2/x86_64/ntp-4.2.6p5-16.1.mbs2.x86_64.rpm 09063ab11459b1f935809b37c742ff12 mbs2/x86_64/ntp-client-4.2.6p5-16.1.mbs2.x86_64.rpm 7a0d0eca35911d9f15b76b474c5512cf mbs2/x86_64/ntp-doc-4.2.6p5-16.1.mbs2.noarch.rpm cb0371050702950084ff633ea45c2c5c mbs2/SRPMS/ntp-4.2.6p5-16.1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFVF9K3mqjQ0CJFipgRAn26AJwInkxLvDh/Gbb3uYRz9IjuaSK8+ACgiM1Z rou2syvF1hyhVhxh7M5sv3c= =uncU -----END PGP SIGNATURE----- .
CVE-2014-9293
ntpd generated a weak key for its internal use, with full
administrative privileges. Attackers could use this key to
reconfigure ntpd (or to exploit other vulnerabilities).
The default ntpd configuration in Debian restricts access to localhost (and possible the adjacent network in case of IPv6).
Keys explicitly generated by "ntp-keygen -M" should be regenerated.
For the stable distribution (wheezy), these problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u1. ============================================================================ Ubuntu Security Notice USN-2449-1 December 22, 2014
ntp vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in NTP. A remote attacker could possibly use this issue to brute force the authentication key and send requests if permitted by IP restrictions. (CVE-2014-9293)
Stephen Roettger discovered that NTP generated weak MD5 keys. A remote attacker could possibly use this issue to brute force the MD5 key and spoof a client or server. (CVE-2014-9294)
Stephen Roettger discovered that NTP contained buffer overflows in the crypto_recv(), ctl_putdata() and configure() functions. The default compiler options for affected releases should reduce the vulnerability to a denial of service. In addition, attackers would be isolated by the NTP AppArmor profile. (CVE-2014-9295)
Stephen Roettger discovered that NTP incorrectly continued processing when handling certain errors. (CVE-2014-9296)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.10: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.10.1
Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.1
Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.2
Ubuntu 10.04 LTS: ntp 1:4.2.4p8+dfsg-1ubuntu2.2
After a standard system update you need to regenerate any MD5 keys that were manually created with ntp-keygen.
References: http://www.ubuntu.com/usn/usn-2449-1 CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
Package Information: https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.10.1 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.1 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.2 https://launchpad.net/ubuntu/+source/ntp/1:4.2.4p8+dfsg-1ubuntu2.2 . Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. HP is
continually reviewing and enhancing the security features of software products to provide customers with current
secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected
HP products the important security information contained in this Bulletin. HP recommends that all users
determine the applicability of this information to their individual situations and take appropriate action. HP
does not warrant that this information is necessarily accurate or complete for all user situations and,
consequently, HP will not be responsible for any damages resulting from user's use or disregard of the
information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either
express or implied, including the warranties of merchantability and fitness for a particular purpose, title and
non-infringement."
Copyright 2015 Hewlett-Packard Development Company, L.P. The net-misc/ntp package contains the official reference implementation by the NTP Project.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/ntp < 4.2.8 >= 4.2.8
Description
Multiple vulnerabilities have been discovered in NTP. Please review the CVE identifiers referenced below for details.
Resolution
All NTP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.8"
References
[ 1 ] CVE-2014-9293 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9293 [ 2 ] CVE-2014-9294 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9294 [ 3 ] CVE-2014-9295 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9295 [ 4 ] CVE-2014-9296 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9296
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-34.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201412-0612",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ntp",
"scope": "lte",
"trust": 1.0,
"vendor": "ntp",
"version": "4.2.7"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "efficientip",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "freebsd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ntp",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "omniti",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "watchguard",
"version": null
},
{
"model": "paging server",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "0"
},
{
"model": "edge digital media player",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3000"
},
{
"model": "download server",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "0"
},
{
"model": "ntp",
"scope": "eq",
"trust": 0.6,
"vendor": "ntp",
"version": "4.2.7"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.10"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "opensuse evergreen",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11.4"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "12"
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "12"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "13.2"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "13.1"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "12.3"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux computenode optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux computenode",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux client optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.9.1"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.3"
},
{
"model": "network time protocol 4.2.7p10",
"scope": null,
"trust": 0.3,
"vendor": "meinberg",
"version": null
},
{
"model": "network time protocol",
"scope": "eq",
"trust": 0.3,
"vendor": "meinberg",
"version": "4.2.7"
},
{
"model": "network time protocol",
"scope": "eq",
"trust": 0.3,
"vendor": "meinberg",
"version": "4.2.6"
},
{
"model": "network time protocol",
"scope": "eq",
"trust": 0.3,
"vendor": "meinberg",
"version": "4.2.5"
},
{
"model": "network time protocol 4.2.4p8@lennon-o-lpv",
"scope": null,
"trust": 0.3,
"vendor": "meinberg",
"version": null
},
{
"model": "network time protocol 4.2.4p7@copenhagen-o",
"scope": null,
"trust": 0.3,
"vendor": "meinberg",
"version": null
},
{
"model": "network time protocol",
"scope": "eq",
"trust": 0.3,
"vendor": "meinberg",
"version": "4.2.4"
},
{
"model": "network time protocol",
"scope": "eq",
"trust": 0.3,
"vendor": "meinberg",
"version": "4.2.2"
},
{
"model": "network time protocol",
"scope": "eq",
"trust": 0.3,
"vendor": "meinberg",
"version": "4.2.0"
},
{
"model": "network time protocol",
"scope": "eq",
"trust": 0.3,
"vendor": "meinberg",
"version": "4.1.0"
},
{
"model": "network time protocol",
"scope": "eq",
"trust": 0.3,
"vendor": "meinberg",
"version": "4.0"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"model": "vgw",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "nsmexpress",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "nsm server software",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "nsm series appliances",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "nsm",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "junos os 14.2r1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 14.1r2-s2",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 14.1r2",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 14.1r1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 13.3r4",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 13.3r3-s2",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 13.3r3",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 13.3r2-s3",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 13.3r1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 13.2x51-d25",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 13.2r5-s1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 13.2r5",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 13.1x50-d30",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 13.1r4-s3",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 13.1r4-s2",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 12.3r8",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 12.3r7",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 12.2x50-d70",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 12.2r9",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 12.1x47-d15",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 12.1x47-d10",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 12.1x46-d25",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 12.1x46-d20",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 12.1x44-d40",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 11.4r12-s4",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 11.4r12-s1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "xeon phi 7120p",
"scope": null,
"trust": 0.3,
"vendor": "intel",
"version": null
},
{
"model": "xeon phi 7120a",
"scope": null,
"trust": 0.3,
"vendor": "intel",
"version": null
},
{
"model": "xeon phi 5110p",
"scope": null,
"trust": 0.3,
"vendor": "intel",
"version": null
},
{
"model": "xeon phi 3120a",
"scope": null,
"trust": 0.3,
"vendor": "intel",
"version": null
},
{
"model": "manycore platform software stack",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "3.4"
},
{
"model": "manycore platform software stack",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "3.3"
},
{
"model": "manycore platform software stack",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "3.2"
},
{
"model": "manycore platform software stack",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "3.1"
},
{
"model": "manycore platform software stack",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "2.1"
},
{
"model": "smartcloud entry fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.19"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "77100"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "77000"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "76000"
},
{
"model": "security network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "71005.3"
},
{
"model": "security network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "71005.2"
},
{
"model": "security network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "51005.3"
},
{
"model": "security network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "51005.2"
},
{
"model": "security network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "41005.3"
},
{
"model": "security network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "41005.2"
},
{
"model": "security network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "31005.3"
},
{
"model": "security network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "31005.2"
},
{
"model": "pureflex",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3950x6"
},
{
"model": "pureflex",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x3850x6"
},
{
"model": "pureflex x240m5+pen",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "pureflex x240m4",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "pureflex x220m4",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "puredata system for operational analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"model": "puredata system for operational analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.8.2.0"
},
{
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.8.1.0"
},
{
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.7.9.0"
},
{
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.7.8.0"
},
{
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.7.7.0"
},
{
"model": "power hmc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.7.3.0"
},
{
"model": "nextscale nx360m5",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "nextscale nx360m4",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.3"
},
{
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.2.0"
},
{
"model": "idataplex dx360m4",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "rack v100r001c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "x8000"
},
{
"model": "v1300n v100r002c02",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "tecal xh621 v100r001c00b010",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "v2"
},
{
"model": "tecal xh320 v100r001c00spc105",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "v2"
},
{
"model": "tecal xh311 v100r001c00spc100",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "v2"
},
{
"model": "tecal xh310 v100r001c00spc100",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "v2"
},
{
"model": "rh5885h v100r003c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "v3"
},
{
"model": "rh5885 v100r003c01",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "v3"
},
{
"model": "rh5885 v100r001c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "v2"
},
{
"model": "rh2485 v100r002c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "v2"
},
{
"model": "rh2288h v100r002c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "v2"
},
{
"model": "rh2288e v100r002c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "v2"
},
{
"model": "rh2288 v100r002c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "v2"
},
{
"model": "rh2285h v100r002c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "v2"
},
{
"model": "rh2285 v100r002c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "v2"
},
{
"model": "rh1288 v100r002c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "v2"
},
{
"model": "oceanstor uds v100r002c01",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "oceanstor uds v100r002c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "oceanstor s6800t v200r002c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "oceanstor s5800t v200r002c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "oceanstor s5600t v100r002c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "oceanstor s5500t v200r002c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "oceanstor s2600t v200r002c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "oceanstor hvs88t v100r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "oceanstor hvs85t v100r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "oceanstor 18800f v100r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "oceanstor v100r001c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "18800"
},
{
"model": "high-density server dh628 v100r001c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "v2"
},
{
"model": "high-density server dh621 v100r001c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "v2"
},
{
"model": "high-density server dh620 v100r001c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "v2"
},
{
"model": "high-density server dh320 v100r001c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "v2"
},
{
"model": "fusionsphere openstack v100r005c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "fusioncube v100r002c02spc300",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "fusioncube v100r002c02spc200",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "fusioncube v100r002c02spc100",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "fusioncube v100r002c01spc100",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "fusioncompute v100r005c10",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "fusioncompute v100r005c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "fusioncompute v100r003c10",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "fusioncompute v100r003c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "fusionaccess v100r005c20",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "fusionaccess v100r005c10",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace vtm v100r002c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace vtm v100r001c30",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace vtm v100r001c02",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace vcn3000 v100r002c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace usm v200r003c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace uc v200r003c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace uc v200r002c01",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace uc v100r002c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace u2980 v200r003c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace u2980 v100r001c02spc200",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace u2980 v100r001c01",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace ivs v100r001c02",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace dcm v100r002c01",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace dcm v100r001c03",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace dcm v100r001c02",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace dcm v100r001c01",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace cc v200r001c50",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace cc v200r001c32",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace cc v200r001c31",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace cc v200r001c03",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace cad v100r001c01lhue01",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "esight uc\u0026c v100r001c20",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "esight uc\u0026c v100r001c01",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "esight network v200r005c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "esight network v200r003c10",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "esight network v200r003c01",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "e9000 chassis v100r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "e6000 chassis v100r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "dc v100r002c01spc001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "virtualization performance viewer",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.10"
},
{
"model": "virtualization performance viewer",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.01"
},
{
"model": "virtualization performance viewer",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "virtualization performance viewer",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.2"
},
{
"model": "virtualization performance viewer",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.1"
},
{
"model": "virtualization performance viewer",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.0"
},
{
"model": "tcp/ip services for openvms",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.7"
},
{
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "advanced server ha8000cr",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "0"
},
{
"model": "vipr srm",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "3.6.0"
},
{
"model": "m\u0026r",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "6.5"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "webex social",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "webex meetings server base",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.5"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.5"
},
{
"model": "webex meetings server 2.0mr2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "virtualization experience client",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "62150"
},
{
"model": "virtual systems operations center for vpe project",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "virtual security gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "videoscape conductor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "videoscape back office",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "video surveillance media server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "video delivery system recorder",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "universal small cell ran management system wireless",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unity connection",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified sip proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified provisioning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.6"
},
{
"model": "unified meetingplace",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified intelligence center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified contact center express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified communications domain manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ucs manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ucs invicta series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ucs director",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "transaction encryption device",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence tx series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "90000"
},
{
"model": "telepresence te software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "-0"
},
{
"model": "telepresence system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "500-370"
},
{
"model": "telepresence system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "500-320"
},
{
"model": "telepresence system series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30000"
},
{
"model": "telepresence system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "13000"
},
{
"model": "telepresence system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11000"
},
{
"model": "telepresence system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10000"
},
{
"model": "telepresence profile series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence isdn link",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "13100"
},
{
"model": "service control engines system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "scos",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "remote network control system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "remote conditional access system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "quantum son suite",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "quantum policy suite",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "prime service catalog virtual appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "prime license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "prime lan management solution",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "prime infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "prime data center network manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "prime collaboration provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "powervu network center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "powervu d9190 conditional access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "powerkey encryption server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "physical access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "onepk all-in-one vm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "90000"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70000"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60000"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50000"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40000"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30000"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1000v0"
},
{
"model": "network configuration and change management service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "network configuration and change management",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "netflow collection agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mediasense",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "media experience engines",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mds series multilayer switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "90000"
},
{
"model": "management heartbeat server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "jabber guest",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "iptv service delivery system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ip interoperability and collaboration system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ios xr software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ios xr for cisco network convergence system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60000"
},
{
"model": "international digital network control system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "intelligent automation for cloud",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "im and presence service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "firesight system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "finesse",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "explorer controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "enterprise content delivery service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "emergency responder",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "emergency responder",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "dncs application server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "digital transport adapter control system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "digital network control system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "digital media manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "dcm series 9900-digital content manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "d9036 modular encoding platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "common services platform collector",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "common download server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "command server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "20000"
},
{
"model": "cloud object store",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence endpoints sx series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence endpoints mxg2 series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence endpoints mx series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence endpoints ex series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence endpoints c series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence endpoints 10\" touch panel",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "application policy infrastructure controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "autobackup server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "asa cx and cisco prime security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "application networking manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "application and content networking system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "7"
},
{
"model": "one-x client enablement services sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.1"
},
{
"model": "ip office application server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.02"
},
{
"model": "ip office application server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.01"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"model": "cms r17",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.3"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "aura experience portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura experience portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "aura collaboration environment",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"model": "aura collaboration environment",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "network time protocol",
"scope": "ne",
"trust": 0.3,
"vendor": "meinberg",
"version": "4.2.8"
},
{
"model": "junos os 14.2r3",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 14.1x55-d16",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 14.1x50-d90",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 14.1r5",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 13.3r6",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 13.2r8",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 12.3x48-d15",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 12.3r9",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 12.1x47-d20",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 12.1x46-d35",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "junos os 12.1x44-d50",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "smartcloud entry fp",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.110"
},
{
"model": "vipr srm",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": "3.6.1"
},
{
"model": "m\u0026r 6.5u1",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#852879"
},
{
"db": "BID",
"id": "71758"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-457"
},
{
"db": "NVD",
"id": "CVE-2014-9296"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stephen Roettger and Neel Mehta of the Google Security Team.",
"sources": [
{
"db": "BID",
"id": "71758"
}
],
"trust": 0.3
},
"cve": "CVE-2014-9296",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-9296",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-9296",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201412-457",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2014-9296",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-9296"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-457"
},
{
"db": "NVD",
"id": "CVE-2014-9296"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets. The NTP Project ntpd version 4.2.7 and pervious versions contain several vulnerabilities. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys. These vulnerabilities may affect ntpd acting as a server or client. Network Time Protocol is prone to an unspecified security vulnerability. \nLittle is known about this issue or its effects at this time. We will update this BID as more information emerges. \nNetwork Time Protocol 4.2.7 is vulnerable; other versions may also be affected. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-14:31.ntp Security Advisory\n The FreeBSD Project\n\nTopic: Multiple vulnerabilities in NTP suite\n\nCategory: contrib\nModule: ntp\nAnnounced: 2014-12-23\nAffects: All supported versions of FreeBSD. \nCorrected: 2014-14-22 19:07:16 UTC (stable/10, 10.1-STABLE)\n 2014-12-23 22:56:01 UTC (releng/10.1, 10.1-RELEASE-p3)\n 2014-12-23 22:55:14 UTC (releng/10.0, 10.0-RELEASE-p15)\n 2014-14-22 19:08:09 UTC (stable/9, 9.3-STABLE)\n 2014-12-23 22:54:25 UTC (releng/9.3, 9.3-RELEASE-p7)\n 2014-12-23 22:53:44 UTC (releng/9.2, 9.2-RELEASE-p17)\n 2014-12-23 22:53:03 UTC (releng/9.1, 9.1-RELEASE-p24)\n 2014-14-22 19:08:09 UTC (stable/8, 8.4-STABLE)\n 2014-12-23 22:52:22 UTC (releng/8.4, 8.4-RELEASE-p21)\nCVE Name: CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\nI. \n\nII. [CVE-2014-9293]\nThe ntp-keygen(8) utility is also affected by a similar issue. \n[CVE-2014-9294]\n\nWhen Autokey Authentication is enabled, for example if ntp.conf(5) contains\na \u0027crypto pw\u0027 directive, a remote attacker can send a carefully\ncrafted packet that can overflow a stack buffer. [CVE-2014-9295]\n\nIn ntp_proto.c, the receive() function is missing a return statement in\nthe case when an error is detected. [CVE-2014-9296]\n\nIII. Impact\n\nThe NTP protocol uses keys to implement authentication. The weak\nseeding of the pseudo-random number generator makes it easier for an\nattacker to brute-force keys, and thus may broadcast incorrect time stamps\nor masquerade as another time server. [CVE-2014-9293, CVE-2014-9294]\n\nAn attacker may be able to utilize the buffer overflow to crash the ntpd(8)\ndaemon or potentially run arbitrary code with the privileges of the ntpd(8)\nprocess, which is typically root. [CVE-2014-9295]\n\nIV. Workaround\n\nNo workaround is available, but systems not running ntpd(8) are not\naffected. Because the issue may lead to remote root compromise, the\nFreeBSD Security Team recommends system administrators to firewall NTP\nports, namely tcp/123 and udp/123 when it is not clear that all systems\nhave been patched or have ntpd(8) stopped. \n\nV. Solution\n\nNOTE WELL: It is advisable to regenerate all keys used for NTP\nauthentication, if configured. \n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n# fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch\n# fetch https://security.FreeBSD.org/patches/SA-14:31/ntp.patch.asc\n# gpg --verify ntp.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart the ntpd(8) daemons, or reboot the system. \n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r276073\nreleng/8.4/ r276154\nstable/9/ r276073\nreleng/9.1/ r276155\nreleng/9.2/ r276156\nreleng/9.3/ r276157\nstable/10/ r276072\nreleng/10.0/ r276158\nreleng/10.1/ r276159\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296\u003e\n\n\u003cURL:https://www.kb.cert.org/vuls/id/852879\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:https://security.FreeBSD.org/advisories/FreeBSD-SA-14:31.ntp.asc\u003e\n-----BEGIN PGP SIGNATURE-----\n\niQIcBAEBCgAGBQJUmfSAAAoJEO1n7NZdz2rnV/IQAMeAuVbyKDMu3mec0ErpL5z8\nOcSxVxKWH9udDJQkpiw6OaU4ks7PGOH/PgAad0mIhWPflXtpUlWMQtUa54Ds4s/t\nNjknM2vS4sBMZLk0Poqsts0TohfwdxF+CT8OCZARA2i3t70Ov0Y9BeoCatL2rnS+\nrPbhhlnQXrsAJDCKcjSrYw+37cDNEdcvk4UKhiKh76J6CXwn2cT6h1dXTMFyImWq\nslTNlkJV6iFMNYn3oSA8nCVEJVMw2XQwVfg2qzkpZcuDGKE5fFpdvX3VcRP7b2cq\nzwSClt29B7FF3EjrplRuEdgxDk8m9PjVbUz9tocLPIqV0RjhTA9j7MhNcWH5G3Dh\nu6NQDsA0WzE8Ki2mrWpTEAFp21ZzSyXXtZ703XYiXbQKNG9lKEFv5Z8ffVHSrUT7\nuB2BsP+LrnnWNNdjkRSSSxrfy4CvFLsdQ9FI1FNz+oofEio6yPO+W47pBH//Nbj0\nwfeReW1OlbrtWF6NHZr4CfX+Lx9hu4CXXdXRWKdMDTYUywr0V6BiIsrNlN1z7XCy\n90+43twFhGBsOSVD5PpcDmt9oEYfpwWKdXO6dXClCo+mxAki/fgf5Y24cTT9DTQn\nCKuVZuyaMi+HZ0jf2sKITQ03S8+Nrn7cZEXkIGScfT5z1Y8pcN+7bRhB1DpaCs0q\nIIw6TjJXQm8DTMuBIwf3\n=oSCq\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04554677\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04554677\nVersion: 1\n\nHPSBUX03240 SSRT101872 rev.1 - HP-UX Running NTP, Remote Execution of Code,\nDenial of Service (DoS), or Other Vulnerabilties\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-02-18\nLast Updated: 2015-02-18\n\nPotential Security Impact: Remote execution of code, Denial of Service (DoS),\nor other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running\nNTP. These could be exploited remotely to execute code, create a Denial of\nService (DoS), or other vulnerabilities. \n\nReferences:\n\nCVE-2014-9293 - Insufficient Entropy in Pseudo-Random Number Generator (PRNG)\n(CWE-332)\nCVE-2014-9294 - Use of Cryptographically Weak PRNG (CWE-338)\nCVE-2014-9295 - Stack Buffer Overflow (CWE-121)\nCVE-2014-9296 - Error Conditions, Return Values, Status Codes (CWE-389)\nCVE-2014-9297 - Improper Check for Unusual or Exceptional Conditions\n(CWE-754)\nSSRT101872\nVU#852879\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nHP-UX B.11.31 running NTP version C.4.2.6.4.0 or previous\nHP-UX B.11.23 running XNTP version 3.5 or previous\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-9293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9294 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9295 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2014-9296 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2014-9297 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following patch for HP-UX B.11.31. A workaround for HP-UX\nB.11.23 and B.11.11 to temporarily resolve these vulnerabilities follows\nbelow. \n\nThe B.11.31 patch is available from:\nftp://ntp42650:Secure12@h2.usa.hp.com or https://h20392.www2.hp.com/portal/sw\ndepot/displayProductInfo.do?productNumber=HPUX-NTP\n\nMitigation steps for HP-UX B.11.23 and B.11.11 for CVE-2014-9295\n\nRestrict query for server status (Time Service is not affected) from\nntpq/ntpdc by enabling .noquery. using the restrict command in /etc/ntp.conf\nfile. \n\nReference: http://support.ntp.org/bin/view/Main/SecurityNotice\n\nNOTE: This bulletin will be revised when patches for XNTP v3.5 on B.11.23 and\nB.11.11 become available. \n\nMANUAL ACTIONS: No\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.31\n==================\nNTP.INETSVCS2-BOOT\nNTP.NTP-AUX\nNTP.NTP-RUN\naction: install revision C.4.2.6.5.0 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 18 February 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\nOn December 19, 2014, NTP.org and US-CERT released security advisories detailing two issues regarding weak cryptographic pseudorandom number generation (PRNG), three buffer overflow vulnerabilities, and an unhandled error condition with an unknown impact. \n\nCisco will release free software updates that address these vulnerabilities. This situation may be exploitable by an attacker\n (CVE-2014-9296). \n \n Stephen Roettger of the Google Security Team, Sebastian Krahmer of\n the SUSE Security Team and Harlan Stenn of Network Time Foundation\n discovered that the length value in extension fields is not properly\n validated in several code paths in ntp_crypto.c, which could lead to\n information leakage or denial of service (CVE-2014-9297). \n \n Stephen Roettger of the Google Security Team reported that ACLs based\n on IPv6 ::1 (localhost) addresses can be bypassed (CVE-2014-9298). \n \n The ntp package has been patched to fix these issues. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9297\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9298\n http://advisories.mageia.org/MGASA-2014-0541.html\n http://advisories.mageia.org/MGASA-2015-0063.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 8f7d14b95c55bd1de7230cff0c8ea9d7 mbs2/x86_64/ntp-4.2.6p5-16.1.mbs2.x86_64.rpm\n 09063ab11459b1f935809b37c742ff12 mbs2/x86_64/ntp-client-4.2.6p5-16.1.mbs2.x86_64.rpm\n 7a0d0eca35911d9f15b76b474c5512cf mbs2/x86_64/ntp-doc-4.2.6p5-16.1.mbs2.noarch.rpm \n cb0371050702950084ff633ea45c2c5c mbs2/SRPMS/ntp-4.2.6p5-16.1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVF9K3mqjQ0CJFipgRAn26AJwInkxLvDh/Gbb3uYRz9IjuaSK8+ACgiM1Z\nrou2syvF1hyhVhxh7M5sv3c=\n=uncU\n-----END PGP SIGNATURE-----\n. \n\nCVE-2014-9293\n\n ntpd generated a weak key for its internal use, with full\n administrative privileges. Attackers could use this key to\n reconfigure ntpd (or to exploit other vulnerabilities). \n\nThe default ntpd configuration in Debian restricts access to localhost\n(and possible the adjacent network in case of IPv6). \n\nKeys explicitly generated by \"ntp-keygen -M\" should be regenerated. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-2+deb7u1. ============================================================================\nUbuntu Security Notice USN-2449-1\nDecember 22, 2014\n\nntp vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in NTP. A remote\nattacker could possibly use this issue to brute force the authentication\nkey and send requests if permitted by IP restrictions. (CVE-2014-9293)\n\nStephen Roettger discovered that NTP generated weak MD5 keys. A remote\nattacker could possibly use this issue to brute force the MD5 key and spoof\na client or server. (CVE-2014-9294)\n\nStephen Roettger discovered that NTP contained buffer overflows in the\ncrypto_recv(), ctl_putdata() and configure() functions. The default compiler options for affected releases should reduce the\nvulnerability to a denial of service. In addition, attackers would be\nisolated by the NTP AppArmor profile. (CVE-2014-9295)\n\nStephen Roettger discovered that NTP incorrectly continued processing when\nhandling certain errors. (CVE-2014-9296)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.10.1\n\nUbuntu 14.04 LTS:\n ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.1\n\nUbuntu 12.04 LTS:\n ntp 1:4.2.6.p3+dfsg-1ubuntu3.2\n\nUbuntu 10.04 LTS:\n ntp 1:4.2.4p8+dfsg-1ubuntu2.2\n\nAfter a standard system update you need to regenerate any MD5 keys that\nwere manually created with ntp-keygen. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2449-1\n CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.10.1\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.1\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.2\n https://launchpad.net/ubuntu/+source/ntp/1:4.2.4p8+dfsg-1ubuntu2.2\n. \nUnder Step2: your ITRC operating systems\n - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile\nto update appropriate sections. HP is\n\ncontinually reviewing and enhancing the security features of software\nproducts to provide customers with current\n\nsecure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the\nattention of users of the affected\n\nHP products the important security information contained in this Bulletin. HP\nrecommends that all users\n\ndetermine the applicability of this information to their individual\nsituations and take appropriate action. HP\n\ndoes not warrant that this information is necessarily accurate or complete\nfor all user situations and,\n\nconsequently, HP will not be responsible for any damages resulting from\nuser\u0027s use or disregard of the\n\ninformation provided in this Bulletin. To the extent permitted by law, HP\ndisclaims all warranties, either\n\nexpress or implied, including the warranties of merchantability and fitness\nfor a particular purpose, title and\n\nnon-infringement.\"\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. The net-misc/ntp package contains the official reference\nimplementation by the NTP Project. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/ntp \u003c 4.2.8 \u003e= 4.2.8\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in NTP. Please review the\nCVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll NTP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/ntp-4.2.8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-9293\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9293\n[ 2 ] CVE-2014-9294\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9294\n[ 3 ] CVE-2014-9295\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9295\n[ 4 ] CVE-2014-9296\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9296\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-34.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9296"
},
{
"db": "CERT/CC",
"id": "VU#852879"
},
{
"db": "BID",
"id": "71758"
},
{
"db": "VULMON",
"id": "CVE-2014-9296"
},
{
"db": "PACKETSTORM",
"id": "129716"
},
{
"db": "PACKETSTORM",
"id": "130481"
},
{
"db": "PACKETSTORM",
"id": "129711"
},
{
"db": "PACKETSTORM",
"id": "131149"
},
{
"db": "PACKETSTORM",
"id": "129680"
},
{
"db": "PACKETSTORM",
"id": "129684"
},
{
"db": "PACKETSTORM",
"id": "130709"
},
{
"db": "PACKETSTORM",
"id": "129723"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#852879",
"trust": 2.9
},
{
"db": "NVD",
"id": "CVE-2014-9296",
"trust": 2.8
},
{
"db": "BID",
"id": "71758",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "62209",
"trust": 1.7
},
{
"db": "MCAFEE",
"id": "SB10103",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-14-353-01",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201412-457",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-14-353-01A",
"trust": 0.3
},
{
"db": "JUNIPER",
"id": "JSA10663",
"trust": 0.3
},
{
"db": "ICS CERT",
"id": "ICSA-14-353-01C",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-9296",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129716",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130481",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129711",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131149",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129680",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129684",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130709",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129723",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#852879"
},
{
"db": "VULMON",
"id": "CVE-2014-9296"
},
{
"db": "BID",
"id": "71758"
},
{
"db": "PACKETSTORM",
"id": "129716"
},
{
"db": "PACKETSTORM",
"id": "130481"
},
{
"db": "PACKETSTORM",
"id": "129711"
},
{
"db": "PACKETSTORM",
"id": "131149"
},
{
"db": "PACKETSTORM",
"id": "129680"
},
{
"db": "PACKETSTORM",
"id": "129684"
},
{
"db": "PACKETSTORM",
"id": "130709"
},
{
"db": "PACKETSTORM",
"id": "129723"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-457"
},
{
"db": "NVD",
"id": "CVE-2014-9296"
}
]
},
"id": "VAR-201412-0612",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.38031465625000005
},
"last_update_date": "2024-09-17T20:54:56.675000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ntp-4.2.8",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52921"
},
{
"title": "Red Hat: Important: ntp security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20142024 - Security Advisory"
},
{
"title": "Red Hat: Important: ntp security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20150104 - Security Advisory"
},
{
"title": "Red Hat: CVE-2014-9296",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-9296"
},
{
"title": "Debian CVElist Bug Report Logs: ntp: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=1bb105aaeb75e38cf89e5f63d6e49db9"
},
{
"title": "Ubuntu Security Notice: ntp vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2449-1"
},
{
"title": "Debian Security Advisories: DSA-3108-1 ntp -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=d5c63d464b27e49c6a53057fab75a16d"
},
{
"title": "Amazon Linux AMI: ALAS-2014-462",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2014-462"
},
{
"title": "Tenable Security Advisories: [R3] Tenable Appliance Affected by NTP Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2015-01"
},
{
"title": "Citrix Security Bulletins: Citrix Security Advisory for NTP Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=e9432b762bf2c2945bfb43af8d6842d5"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-9296"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-457"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-17",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9296"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141222-ntpd"
},
{
"trust": 2.6,
"url": "http://support.ntp.org/bin/view/main/securitynotice"
},
{
"trust": 2.1,
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"trust": 1.8,
"url": "http://advisories.mageia.org/mgasa-2014-0541.html"
},
{
"trust": 1.7,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176040"
},
{
"trust": 1.7,
"url": "http://bk1.ntp.org/ntp-dev/?page=patch\u0026rev=548ad06fexhk1hlzoy-wzvyynwvwag"
},
{
"trust": 1.7,
"url": "http://bugs.ntp.org/show_bug.cgi?id=2670"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2015-0104.html"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=142590659431171\u0026w=2"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:003"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/71758"
},
{
"trust": 1.7,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04790232"
},
{
"trust": 1.7,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10103"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/62209"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.html"
},
{
"trust": 1.7,
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8"
},
{
"trust": 1.6,
"url": "http://lists.ntp.org/pipermail/announce/2014-december/000122.html"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-353-01"
},
{
"trust": 0.8,
"url": "http://support.ntp.org/bin/view/support/accessrestrictions#section_6.5.2"
},
{
"trust": 0.8,
"url": "http://www.ntp.org/downloads.html"
},
{
"trust": 0.8,
"url": "http://www.ntp.org/ntpfaq/ntp-s-algo-crypt.htm"
},
{
"trust": 0.8,
"url": "http://googleprojectzero.blogspot.com/2015/01/finding-and-exploiting-ntpd.html"
},
{
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht6601"
},
{
"trust": 0.8,
"url": "https://support.f5.com/kb/en-us/solutions/public/15000/900/sol15936.html"
},
{
"trust": 0.8,
"url": "https://www.freebsd.org/security/advisories/freebsd-sa-15:07.ntp.asc"
},
{
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2014-2024.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9294"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9295"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9293"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9296"
},
{
"trust": 0.3,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_ntp"
},
{
"trust": 0.3,
"url": "http://www.ntp.org/"
},
{
"trust": 0.3,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10663\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-408044.htm"
},
{
"trust": 0.3,
"url": "http://support.citrix.com/article/ctx200355"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2015/jan/att-97/esa-2015-004.txt"
},
{
"trust": 0.3,
"url": "https://www.freebsd.org/security/advisories/freebsd-sa-14:31.ntp.asc"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04582466"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2015/sep/41"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04554677"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696755"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-353-01a"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/101006440"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022036"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696812"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020645"
},
{
"trust": 0.3,
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097490"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966675"
},
{
"trust": 0.3,
"url": "http://www.hitachi.co.jp/products/it/server/security/global/info/vulnerable/ntpd_cve-2014-9293.html"
},
{
"trust": 0.2,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9297"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/17.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2014:2024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-9296"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2449-1/"
},
{
"trust": 0.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-353-01c"
},
{
"trust": 0.1,
"url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/\u003e."
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/advisories/freebsd-sa-14:31.ntp.asc\u003e"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-14:31/ntp.patch.asc"
},
{
"trust": 0.1,
"url": "https://security.freebsd.org/patches/sa-14:31/ntp.patch"
},
{
"trust": 0.1,
"url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9294\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9296\u003e"
},
{
"trust": 0.1,
"url": "https://www.kb.cert.org/vuls/id/852879\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9293\u003e"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9295\u003e"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hp.com/portal/sw"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9294"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9296"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9293"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9297"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2015-0063.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9298"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9295"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9298"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.10.1"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-2449-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ntp/1:4.2.4p8+dfsg-1ubuntu2.2"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng"
},
{
"trust": 0.1,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsea"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9294"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9296"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9295"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201412-34.xml"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9293"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#852879"
},
{
"db": "VULMON",
"id": "CVE-2014-9296"
},
{
"db": "BID",
"id": "71758"
},
{
"db": "PACKETSTORM",
"id": "129716"
},
{
"db": "PACKETSTORM",
"id": "130481"
},
{
"db": "PACKETSTORM",
"id": "129711"
},
{
"db": "PACKETSTORM",
"id": "131149"
},
{
"db": "PACKETSTORM",
"id": "129680"
},
{
"db": "PACKETSTORM",
"id": "129684"
},
{
"db": "PACKETSTORM",
"id": "130709"
},
{
"db": "PACKETSTORM",
"id": "129723"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-457"
},
{
"db": "NVD",
"id": "CVE-2014-9296"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#852879"
},
{
"db": "VULMON",
"id": "CVE-2014-9296"
},
{
"db": "BID",
"id": "71758"
},
{
"db": "PACKETSTORM",
"id": "129716"
},
{
"db": "PACKETSTORM",
"id": "130481"
},
{
"db": "PACKETSTORM",
"id": "129711"
},
{
"db": "PACKETSTORM",
"id": "131149"
},
{
"db": "PACKETSTORM",
"id": "129680"
},
{
"db": "PACKETSTORM",
"id": "129684"
},
{
"db": "PACKETSTORM",
"id": "130709"
},
{
"db": "PACKETSTORM",
"id": "129723"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-457"
},
{
"db": "NVD",
"id": "CVE-2014-9296"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-19T00:00:00",
"db": "CERT/CC",
"id": "VU#852879"
},
{
"date": "2014-12-20T00:00:00",
"db": "VULMON",
"id": "CVE-2014-9296"
},
{
"date": "2014-12-19T00:00:00",
"db": "BID",
"id": "71758"
},
{
"date": "2014-12-24T16:34:30",
"db": "PACKETSTORM",
"id": "129716"
},
{
"date": "2015-02-19T19:22:00",
"db": "PACKETSTORM",
"id": "130481"
},
{
"date": "2014-12-24T16:25:31",
"db": "PACKETSTORM",
"id": "129711"
},
{
"date": "2015-03-30T21:48:37",
"db": "PACKETSTORM",
"id": "131149"
},
{
"date": "2014-12-22T17:15:01",
"db": "PACKETSTORM",
"id": "129680"
},
{
"date": "2014-12-22T17:16:05",
"db": "PACKETSTORM",
"id": "129684"
},
{
"date": "2015-03-09T20:18:03",
"db": "PACKETSTORM",
"id": "130709"
},
{
"date": "2014-12-26T15:46:55",
"db": "PACKETSTORM",
"id": "129723"
},
{
"date": "2014-12-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-457"
},
{
"date": "2014-12-20T02:59:03.837000",
"db": "NVD",
"id": "CVE-2014-9296"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-10-27T00:00:00",
"db": "CERT/CC",
"id": "VU#852879"
},
{
"date": "2021-11-17T00:00:00",
"db": "VULMON",
"id": "CVE-2014-9296"
},
{
"date": "2016-10-26T08:13:00",
"db": "BID",
"id": "71758"
},
{
"date": "2021-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-457"
},
{
"date": "2021-11-17T22:15:39.130000",
"db": "NVD",
"id": "CVE-2014-9296"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "129716"
},
{
"db": "PACKETSTORM",
"id": "129711"
},
{
"db": "PACKETSTORM",
"id": "131149"
},
{
"db": "PACKETSTORM",
"id": "129684"
},
{
"db": "PACKETSTORM",
"id": "129723"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-457"
}
],
"trust": 1.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NTP Project Network Time Protocol daemon (ntpd) contains multiple vulnerabilities (Updated)",
"sources": [
{
"db": "CERT/CC",
"id": "VU#852879"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-457"
}
],
"trust": 0.6
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.