Vulnerability-Lookup

CVE-2013-5211 (GCVE-0-2013-5211)

Vulnerability from cvelistv5 – Published: 2014-01-02 11:00 – Updated: 2024-08-06 17:06

Summary

The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/59288	third-party-advisoryx_refsource_SECUNIA
	https://h20564.www2.hpe.com/portal/site/hpsc/publ…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2014-0…	vendor-advisoryx_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=138971294629419&w=2	vendor-advisoryx_refsource_HP
	http://www.us-cert.gov/ncas/alerts/TA14-013A	third-party-advisoryx_refsource_CERT
	http://www.securityfocus.com/bid/64692	vdb-entryx_refsource_BID
	http://www.kb.cert.org/vuls/id/348126	third-party-advisoryx_refsource_CERT-VN
	http://marc.info/?l=bugtraq&m=144182594518755&w=2	vendor-advisoryx_refsource_HP
	http://openwall.com/lists/oss-security/2013/12/30/6	mailing-listx_refsource_MLIST
	http://secunia.com/advisories/59726	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id/1030433	vdb-entryx_refsource_SECTRACK
	http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp…	x_refsource_CONFIRM
	http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04	x_refsource_MISC
	http://aix.software.ibm.com/aix/efixes/security/n…	x_refsource_CONFIRM
	http://www-947.ibm.com/support/entry/portal/docdi…	x_refsource_CONFIRM
	http://lists.ntp.org/pipermail/pool/2011-December…	mailing-listx_refsource_MLIST
	http://openwall.com/lists/oss-security/2013/12/30/7	mailing-listx_refsource_MLIST
	http://marc.info/?l=bugtraq&m=138971294629419&w=2	vendor-advisoryx_refsource_HP
	http://www-947.ibm.com/support/entry/portal/docdi…	x_refsource_CONFIRM
	http://bugs.ntp.org/show_bug.cgi?id=1532	x_refsource_CONFIRM
	https://puppet.com/security/cve/puppetlabs-ntp-no…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:06:52.374Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "59288",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59288"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
          },
          {
            "name": "openSUSE-SU-2014:1149",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "HPSBUX02960",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
          },
          {
            "name": "TA14-013A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/ncas/alerts/TA14-013A"
          },
          {
            "name": "64692",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/64692"
          },
          {
            "name": "VU#348126",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/348126"
          },
          {
            "name": "HPSBOV03505",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
          },
          {
            "name": "[oss-security] 20131230 CVE to the ntp monlist DDoS issue?",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2013/12/30/6"
          },
          {
            "name": "59726",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59726"
          },
          {
            "name": "1030433",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030433"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861"
          },
          {
            "name": "[pool] 20111210 Odd surge in traffic today",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.ntp.org/pipermail/pool/2011-December/005616.html"
          },
          {
            "name": "[oss-security] 20131230 Re: CVE to the ntp monlist DDoS issue?",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2013/12/30/7"
          },
          {
            "name": "SSRT101419",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.ntp.org/show_bug.cgi?id=1532"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-12-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-08T10:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "59288",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59288"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
        },
        {
          "name": "openSUSE-SU-2014:1149",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "HPSBUX02960",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
        },
        {
          "name": "TA14-013A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/ncas/alerts/TA14-013A"
        },
        {
          "name": "64692",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/64692"
        },
        {
          "name": "VU#348126",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/348126"
        },
        {
          "name": "HPSBOV03505",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
        },
        {
          "name": "[oss-security] 20131230 CVE to the ntp monlist DDoS issue?",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2013/12/30/6"
        },
        {
          "name": "59726",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59726"
        },
        {
          "name": "1030433",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030433"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861"
        },
        {
          "name": "[pool] 20111210 Odd surge in traffic today",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.ntp.org/pipermail/pool/2011-December/005616.html"
        },
        {
          "name": "[oss-security] 20131230 Re: CVE to the ntp monlist DDoS issue?",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2013/12/30/7"
        },
        {
          "name": "SSRT101419",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.ntp.org/show_bug.cgi?id=1532"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-5211",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "59288",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59288"
            },
            {
              "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232",
              "refsource": "CONFIRM",
              "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
            },
            {
              "name": "openSUSE-SU-2014:1149",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "HPSBUX02960",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
            },
            {
              "name": "TA14-013A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/ncas/alerts/TA14-013A"
            },
            {
              "name": "64692",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/64692"
            },
            {
              "name": "VU#348126",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/348126"
            },
            {
              "name": "HPSBOV03505",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
            },
            {
              "name": "[oss-security] 20131230 CVE to the ntp monlist DDoS issue?",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2013/12/30/6"
            },
            {
              "name": "59726",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59726"
            },
            {
              "name": "1030433",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030433"
            },
            {
              "name": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz",
              "refsource": "CONFIRM",
              "url": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz"
            },
            {
              "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04",
              "refsource": "MISC",
              "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc",
              "refsource": "CONFIRM",
              "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861",
              "refsource": "CONFIRM",
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861"
            },
            {
              "name": "[pool] 20111210 Odd surge in traffic today",
              "refsource": "MLIST",
              "url": "http://lists.ntp.org/pipermail/pool/2011-December/005616.html"
            },
            {
              "name": "[oss-security] 20131230 Re: CVE to the ntp monlist DDoS issue?",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2013/12/30/7"
            },
            {
              "name": "SSRT101419",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892",
              "refsource": "CONFIRM",
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892"
            },
            {
              "name": "http://bugs.ntp.org/show_bug.cgi?id=1532",
              "refsource": "CONFIRM",
              "url": "http://bugs.ntp.org/show_bug.cgi?id=1532"
            },
            {
              "name": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory",
              "refsource": "CONFIRM",
              "url": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-5211",
    "datePublished": "2014-01-02T11:00:00.000Z",
    "dateReserved": "2013-08-15T00:00:00.000Z",
    "dateUpdated": "2024-08-06T17:06:52.374Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2014-AVI-308

Vulnerability from certfr_avis - Published: 2014-07-10 - Updated: 2014-07-10

De multiples vulnérabilités ont été corrigées dans Juniper Junos. Elles permettent à un attaquant de provoquer un déni de service à distance et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Junos (toutes les versions)
	N/A	N/A	Passerelles de services SRX Series

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10635 du 09 juillet 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10640 du 09 juillet 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10634 du 09 juillet 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10637 du 09 juillet 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10638 du 09 juillet 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10641 du 09 juillet 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10633 du 09 juillet 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10613 du 09 juillet 2014	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos (toutes les versions)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Passerelles de services SRX Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2004-0230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-0230"
    },
    {
      "name": "CVE-2014-3815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3815"
    },
    {
      "name": "CVE-2014-3816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3816"
    },
    {
      "name": "CVE-2013-5211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5211"
    },
    {
      "name": "CVE-2014-3821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3821"
    },
    {
      "name": "CVE-2014-3817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3817"
    },
    {
      "name": "CVE-2014-3822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3822"
    },
    {
      "name": "CVE-2014-3819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3819"
    }
  ],
  "initial_release_date": "2014-07-10T00:00:00",
  "last_revision_date": "2014-07-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2014-AVI-308",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-07-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eJuniper Junos\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Junos",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10635 du 09 juillet 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10635\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10640 du 09 juillet 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10640\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10634 du 09 juillet 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10634\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10637 du 09 juillet 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10637\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10638 du 09 juillet 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10638\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10641 du 09 juillet 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10641\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10633 du 09 juillet 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10633\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10613 du 09 juillet 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10613\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTFR-2014-AVI-069

Vulnerability from certfr_avis - Published: 2014-02-13 - Updated: 2014-02-13

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Juniper SRTM version 2012.1
N/A	N/A	Juniper SRTM version 2013.2
N/A	N/A	Toutes les produits Junos de Juniper
N/A	N/A	Juniper SRTM version 2010.0
N/A	N/A	Juniper SRTM version 2013.1
N/A	N/A	Juniper SRTM version 2012.0

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10614 du 12 février 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10613 du 12 février 2014	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper SRTM version 2012.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SRTM version 2013.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Toutes les produits Junos de Juniper",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SRTM version 2010.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SRTM version 2013.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SRTM version 2012.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-0836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0836"
    },
    {
      "name": "CVE-2013-5211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5211"
    },
    {
      "name": "CVE-2014-0835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0835"
    },
    {
      "name": "CVE-2014-0837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0837"
    },
    {
      "name": "CVE-2014-0838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0838"
    },
    {
      "name": "CVE-2013-5448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5448"
    },
    {
      "name": "CVE-2013-6307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6307"
    }
  ],
  "initial_release_date": "2014-02-13T00:00:00",
  "last_revision_date": "2014-02-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2014-AVI-069",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10614 du 12 f\u00e9vrier 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10614"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10613 du 12 f\u00e9vrier 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10613"
    }
  ]
}

CERTA-2014-AVI-034

Vulnerability from certfr_avis - Published: 2014-01-15 - Updated: 2014-01-15

Une vulnérabilité a été corrigée dans ntpd. Elle permet à un attaquant de provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

ntpd versions antérieures à 4.2.7p26

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité du 15 janvier 2014

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003entpd versions ant\u00e9rieures \u00e0 4.2.7p26\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-5211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5211"
    }
  ],
  "initial_release_date": "2014-01-15T00:00:00",
  "last_revision_date": "2014-01-15T00:00:00",
  "links": [],
  "reference": "CERTA-2014-AVI-034",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-01-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003entpd\u003c/span\u003e.\nElle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans ntpd",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 du 15 janvier 2014",
      "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using"
    }
  ]
}

CERTFR-2014-AVI-542

Vulnerability from certfr_avis - Published: 2014-12-30 - Updated: 2014-12-30

De multiples vulnérabilités ont été corrigées dans IBM Security Network Intrusion Prevention System. Elles permettent à un attaquant de provoquer un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

De multiples produits sont impactés. Se référer au bulletin de l'éditeur pour la liste exhaustive des produits.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité IBM du 19 décembre 2014

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eDe multiples produits sont impact\u00e9s. Se r\u00e9f\u00e9rer au bulletin de  l\u0027\u00e9diteur pour la liste exhaustive des produits.\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-0191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0191"
    },
    {
      "name": "CVE-2013-5211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5211"
    },
    {
      "name": "CVE-2013-2877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2877"
    },
    {
      "name": "CVE-2014-3660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3660"
    }
  ],
  "initial_release_date": "2014-12-30T00:00:00",
  "last_revision_date": "2014-12-30T00:00:00",
  "links": [],
  "reference": "CERTFR-2014-AVI-542",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-12-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eIBM Security Network Intrusion Prevention System\u003c/span\u003e.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Security Network Intrusion Prevention System",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 19 d\u00e9cembre 2014",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693458"
    }
  ]
}

CERTFR-2014-AVI-117

Vulnerability from certfr_avis - Published: 2014-03-12 - Updated: 2014-03-12

De multiples vulnérabilités ont été corrigées dans VMware vSphere. Elles permettent à un attaquant de provoquer un déni de service à distance et une amplification de déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	vCenter Server	VMware vCenter Server versions 5.5 Update 1 et antérieures
VMware	N/A	VMware Update Manager versions 5.5 Update 1 et antérieures
VMware	ESXi	VMware ESXi 5.5 versions antérieures à ESXi550-201403101-SG
VMware	vCenter Server	vCenter Server Appliance versions 5.5 Update 1 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2014-0002 du 11 mars 2014

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware vCenter Server versions 5.5 Update 1 et ant\u00e9rieures",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Update Manager versions 5.5 Update 1 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi 5.5 versions ant\u00e9rieures \u00e0 ESXi550-201403101-SG",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "vCenter Server Appliance versions 5.5 Update 1 et ant\u00e9rieures",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-4332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4332"
    },
    {
      "name": "CVE-2013-5211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5211"
    }
  ],
  "initial_release_date": "2014-03-12T00:00:00",
  "last_revision_date": "2014-03-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2014-AVI-117",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-03-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Amplification de d\u00e9ni de service"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eVMware vSphere\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et une amplification de d\u00e9ni de\nservice.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware vSphere",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2014-0002 du 11 mars 2014",
      "url": "http://www.vmware.com/security/advisories/VMSA-2014-0002.html"
    }
  ]
}

CERTFR-2014-AVI-182

Vulnerability from certfr_avis - Published: 2014-04-15 - Updated: 2014-04-15

De multiples vulnérabilités ont été corrigées dans F5 ARX. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

F5 ARX de la version 6.0.0 à la version 6.4.0

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité F5 SOL15160 du 10 avril 2014	None	vendor-advisory
Bulletin de sécurité F5 SOL15154 du 10 avril 2014	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eF5 ARX de la version 6.0.0 \u00e0 la version 6.4.0\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-0092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0092"
    },
    {
      "name": "CVE-2013-5211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5211"
    }
  ],
  "initial_release_date": "2014-04-15T00:00:00",
  "last_revision_date": "2014-04-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2014-AVI-182",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eF5 ARX\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans F5 ARX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 SOL15160 du 10 avril 2014",
      "url": "http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15160.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 SOL15154 du 10 avril 2014",
      "url": "http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15154.html"
    }
  ]
}

CERTFR-2014-AVI-526

Vulnerability from certfr_avis - Published: 2014-12-12 - Updated: 2014-12-12

Une vulnérabilité a été corrigée dans les produits Cisco. Elle permet à un attaquant de provoquer un déni de service à distance.

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Emergency Responder 8.x
Cisco	N/A	Cisco Emergency Responder 9.x
Cisco	N/A	Cisco Unified MeetingPlace 8.x

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco du 11 décembre 2014

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Emergency Responder 8.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Emergency Responder 9.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified MeetingPlace 8.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-5211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-5211"
    },
    {
      "name": "CVE-2013-5211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5211"
    }
  ],
  "initial_release_date": "2014-12-12T00:00:00",
  "last_revision_date": "2014-12-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2014-AVI-526",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-12-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eles produits\nCisco\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco du 11 d\u00e9cembre 2014",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5211"
    }
  ]
}

CERTFR-2014-AVI-244

Vulnerability from certfr_avis - Published: 2014-05-27 - Updated: 2014-05-27

De multiples vulnérabilités ont été corrigées dans Oracle Solaris. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	N/A	Solaris 8
Oracle	N/A	Solaris 11.1
Oracle	N/A	Solaris 9
Oracle	N/A	Solaris 10

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle du 22 mai 2014

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Solaris 8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Solaris 11.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Solaris 9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Solaris 10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-4286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4286"
    },
    {
      "name": "CVE-2013-0200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0200"
    },
    {
      "name": "CVE-2013-4590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4590"
    },
    {
      "name": "CVE-2013-6712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6712"
    },
    {
      "name": "CVE-2013-6420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6420"
    },
    {
      "name": "CVE-2013-1571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1571"
    },
    {
      "name": "CVE-2012-4037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4037"
    },
    {
      "name": "CVE-2006-4810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4810"
    },
    {
      "name": "CVE-2013-4242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4242"
    },
    {
      "name": "CVE-2010-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0205"
    },
    {
      "name": "CVE-2010-2249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2249"
    },
    {
      "name": "CVE-2013-4248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4248"
    },
    {
      "name": "CVE-2014-0098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0098"
    },
    {
      "name": "CVE-2010-1205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1205"
    },
    {
      "name": "CVE-2014-1943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1943"
    },
    {
      "name": "CVE-2014-2281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2281"
    },
    {
      "name": "CVE-2013-4496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4496"
    },
    {
      "name": "CVE-2013-4322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4322"
    },
    {
      "name": "CVE-2013-5211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5211"
    },
    {
      "name": "CVE-2014-0033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0033"
    },
    {
      "name": "CVE-2014-0591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0591"
    },
    {
      "name": "CVE-2012-3544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3544"
    },
    {
      "name": "CVE-2014-2283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2283"
    },
    {
      "name": "CVE-2013-6438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6438"
    },
    {
      "name": "CVE-2014-2270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2270"
    },
    {
      "name": "CVE-2013-4238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4238"
    },
    {
      "name": "CVE-2014-1912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1912"
    },
    {
      "name": "CVE-2014-2282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2282"
    }
  ],
  "initial_release_date": "2014-05-27T00:00:00",
  "last_revision_date": "2014-05-27T00:00:00",
  "links": [],
  "reference": "CERTFR-2014-AVI-244",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-05-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle Solaris\u003c/span\u003e. Certaines d\u0027entre elles permettent\n\u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par\nl\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de\nservice \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Solaris",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle du 22 mai 2014",
      "url": "http://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html"
    }
  ]
}

GSD-2013-5211

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-5211

Aliases

CVE-2013-5211

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-5211",
    "description": "The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.",
    "id": "GSD-2013-5211",
    "references": [
      "https://www.suse.com/security/cve/CVE-2013-5211.html",
      "https://advisories.mageia.org/CVE-2013-5211.html",
      "https://linux.oracle.com/cve/CVE-2013-5211.html",
      "https://packetstormsecurity.com/files/cve/CVE-2013-5211"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-5211"
      ],
      "details": "The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.",
      "id": "GSD-2013-5211",
      "modified": "2023-12-13T01:22:21.817914Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2013-5211",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "59288",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/59288"
          },
          {
            "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232",
            "refsource": "CONFIRM",
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
          },
          {
            "name": "openSUSE-SU-2014:1149",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "HPSBUX02960",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
          },
          {
            "name": "TA14-013A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/ncas/alerts/TA14-013A"
          },
          {
            "name": "64692",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/64692"
          },
          {
            "name": "VU#348126",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/348126"
          },
          {
            "name": "HPSBOV03505",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
          },
          {
            "name": "[oss-security] 20131230 CVE to the ntp monlist DDoS issue?",
            "refsource": "MLIST",
            "url": "http://openwall.com/lists/oss-security/2013/12/30/6"
          },
          {
            "name": "59726",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/59726"
          },
          {
            "name": "1030433",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1030433"
          },
          {
            "name": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz",
            "refsource": "CONFIRM",
            "url": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz"
          },
          {
            "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04",
            "refsource": "MISC",
            "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04"
          },
          {
            "name": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc",
            "refsource": "CONFIRM",
            "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc"
          },
          {
            "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861",
            "refsource": "CONFIRM",
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861"
          },
          {
            "name": "[pool] 20111210 Odd surge in traffic today",
            "refsource": "MLIST",
            "url": "http://lists.ntp.org/pipermail/pool/2011-December/005616.html"
          },
          {
            "name": "[oss-security] 20131230 Re: CVE to the ntp monlist DDoS issue?",
            "refsource": "MLIST",
            "url": "http://openwall.com/lists/oss-security/2013/12/30/7"
          },
          {
            "name": "SSRT101419",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
          },
          {
            "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892",
            "refsource": "CONFIRM",
            "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892"
          },
          {
            "name": "http://bugs.ntp.org/show_bug.cgi?id=1532",
            "refsource": "CONFIRM",
            "url": "http://bugs.ntp.org/show_bug.cgi?id=1532"
          },
          {
            "name": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory",
            "refsource": "CONFIRM",
            "url": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p22:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p15:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p21:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p13:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p18:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p20:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p19:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p12:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p14:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p24:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p25:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p11:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p17:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p16:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:p23:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.7:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.2.7",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-5211"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[pool] 20111210 Odd surge in traffic today",
              "refsource": "MLIST",
              "tags": [
                "Broken Link"
              ],
              "url": "http://lists.ntp.org/pipermail/pool/2011-December/005616.html"
            },
            {
              "name": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz"
            },
            {
              "name": "http://bugs.ntp.org/show_bug.cgi?id=1532",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking"
              ],
              "url": "http://bugs.ntp.org/show_bug.cgi?id=1532"
            },
            {
              "name": "[oss-security] 20131230 Re: CVE to the ntp monlist DDoS issue?",
              "refsource": "MLIST",
              "tags": [
                "Mailing List"
              ],
              "url": "http://openwall.com/lists/oss-security/2013/12/30/7"
            },
            {
              "name": "[oss-security] 20131230 CVE to the ntp monlist DDoS issue?",
              "refsource": "MLIST",
              "tags": [
                "Mailing List"
              ],
              "url": "http://openwall.com/lists/oss-security/2013/12/30/6"
            },
            {
              "name": "TA14-013A",
              "refsource": "CERT",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/ncas/alerts/TA14-013A"
            },
            {
              "name": "HPSBUX02960",
              "refsource": "HP",
              "tags": [
                "Mailing List"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
            },
            {
              "name": "VU#348126",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/348126"
            },
            {
              "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04"
            },
            {
              "name": "1030433",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1030433"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892",
              "refsource": "CONFIRM",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892"
            },
            {
              "name": "59726",
              "refsource": "SECUNIA",
              "tags": [
                "Not Applicable"
              ],
              "url": "http://secunia.com/advisories/59726"
            },
            {
              "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861",
              "refsource": "CONFIRM",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc"
            },
            {
              "name": "59288",
              "refsource": "SECUNIA",
              "tags": [
                "Not Applicable"
              ],
              "url": "http://secunia.com/advisories/59288"
            },
            {
              "name": "openSUSE-SU-2014:1149",
              "refsource": "SUSE",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html"
            },
            {
              "name": "HPSBOV03505",
              "refsource": "HP",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "64692",
              "refsource": "BID",
              "tags": [
                "Broken Link",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/64692"
            },
            {
              "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
            },
            {
              "name": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory",
              "refsource": "CONFIRM",
              "tags": [
                "Broken Link"
              ],
              "url": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-11-01T12:51Z",
      "publishedDate": "2014-01-02T14:59Z"
    }
  }
}

FKIE_CVE-2013-5211

Vulnerability from fkie_nvd - Published: 2014-01-02 14:59 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc	Third Party Advisory
cve@mitre.org	http://bugs.ntp.org/show_bug.cgi?id=1532	Issue Tracking
cve@mitre.org	http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04	Third Party Advisory, US Government Resource
cve@mitre.org	http://lists.ntp.org/pipermail/pool/2011-December/005616.html	Broken Link
cve@mitre.org	http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html	Third Party Advisory
cve@mitre.org	http://marc.info/?l=bugtraq&m=138971294629419&w=2	Mailing List
cve@mitre.org	http://marc.info/?l=bugtraq&m=144182594518755&w=2	Mailing List, Third Party Advisory
cve@mitre.org	http://openwall.com/lists/oss-security/2013/12/30/6	Mailing List
cve@mitre.org	http://openwall.com/lists/oss-security/2013/12/30/7	Mailing List
cve@mitre.org	http://secunia.com/advisories/59288	Not Applicable
cve@mitre.org	http://secunia.com/advisories/59726	Not Applicable
cve@mitre.org	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861	Broken Link
cve@mitre.org	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892	Broken Link
cve@mitre.org	http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz	Patch
cve@mitre.org	http://www.kb.cert.org/vuls/id/348126	Third Party Advisory, US Government Resource
cve@mitre.org	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/bid/64692	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id/1030433	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.us-cert.gov/ncas/alerts/TA14-013A	Third Party Advisory, US Government Resource
cve@mitre.org	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232	Third Party Advisory
cve@mitre.org	https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://bugs.ntp.org/show_bug.cgi?id=1532	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://lists.ntp.org/pipermail/pool/2011-December/005616.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=138971294629419&w=2	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=144182594518755&w=2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2013/12/30/6	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2013/12/30/7	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59288	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/59726	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/348126	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/64692	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1030433	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/ncas/alerts/TA14-013A	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory	Broken Link

Impacted products

Vendor	Product	Version
opensuse	opensuse	11.4
ntp	ntp	*
ntp	ntp	4.2.7
ntp	ntp	4.2.7
ntp	ntp	4.2.7
ntp	ntp	4.2.7
ntp	ntp	4.2.7
ntp	ntp	4.2.7
ntp	ntp	4.2.7
ntp	ntp	4.2.7
ntp	ntp	4.2.7
ntp	ntp	4.2.7
ntp	ntp	4.2.7
ntp	ntp	4.2.7
ntp	ntp	4.2.7
ntp	ntp	4.2.7
ntp	ntp	4.2.7
ntp	ntp	4.2.7
ntp	ntp	4.2.7
ntp	ntp	4.2.7
ntp	ntp	4.2.7
ntp	ntp	4.2.7
ntp	ntp	4.2.7
ntp	ntp	4.2.7
ntp	ntp	4.2.7
ntp	ntp	4.2.7
ntp	ntp	4.2.7
ntp	ntp	4.2.7
ntp	ntp	4.2.7
oracle	linux	6
oracle	linux	7

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC55810-13AD-49D2-AFE5-A95F00824915",
              "versionEndExcluding": "4.2.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "8CAC15F6-514F-4BED-A2A5-E89F4349D8AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p0:*:*:*:*:*:*",
              "matchCriteriaId": "B481C553-B73E-4DA2-9D5E-3774FF846590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2AFDFCA1-0D59-4973-ACFE-CB75BD934154",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p10:*:*:*:*:*:*",
              "matchCriteriaId": "A04F57D2-2D27-4FBF-8530-2AC3FB744E7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p11:*:*:*:*:*:*",
              "matchCriteriaId": "518C32C8-0558-46A1-8532-90DBA1616221",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p12:*:*:*:*:*:*",
              "matchCriteriaId": "7E43BA6C-4FAE-4B96-90D3-E212BD21233D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p13:*:*:*:*:*:*",
              "matchCriteriaId": "2D4E0EEC-92AD-43B2-8539-921AAA0BAF8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p14:*:*:*:*:*:*",
              "matchCriteriaId": "5EC4F7DB-7769-4F81-B301-C973D0EB2E01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p15:*:*:*:*:*:*",
              "matchCriteriaId": "3862A517-5302-4CC5-A553-E8ED8F408984",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p16:*:*:*:*:*:*",
              "matchCriteriaId": "5E23550B-55D9-4D2A-868C-1F2E5833FFD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p17:*:*:*:*:*:*",
              "matchCriteriaId": "703DD909-3E63-46AF-BDBD-DB99035D17C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p18:*:*:*:*:*:*",
              "matchCriteriaId": "9307FD4B-AF64-476B-A238-1C8C9E8D7938",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p19:*:*:*:*:*:*",
              "matchCriteriaId": "19D2387E-78A0-42BD-B33E-5CE2858888DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "EF76B320-FE22-4528-9189-982909B67EA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p20:*:*:*:*:*:*",
              "matchCriteriaId": "4212F77B-AD87-47CE-972E-ADDF3E0A855C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p21:*:*:*:*:*:*",
              "matchCriteriaId": "26DC7E1A-9F45-4F71-8EBE-8C4811757511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p22:*:*:*:*:*:*",
              "matchCriteriaId": "93AEBFB8-C063-4862-ADA5-32C8AD6A215D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p23:*:*:*:*:*:*",
              "matchCriteriaId": "AD38DF5B-0FE3-46B0-9313-0BEDB2FB85BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p24:*:*:*:*:*:*",
              "matchCriteriaId": "19B1C33A-80DD-4942-81A3-5A91B77B902D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p25:*:*:*:*:*:*",
              "matchCriteriaId": "FE315238-7191-4A2E-A3C6-2162BE589C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "5453B367-AF6E-49F1-A448-EEC9BD30F774",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "E0040B79-5D07-4BEA-8861-8D827FB31735",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p5:*:*:*:*:*:*",
              "matchCriteriaId": "D00C1A08-1AFF-4AED-9F32-6F7400E24427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6478C98A-FC07-457D-996D-53B9361B52D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p7:*:*:*:*:*:*",
              "matchCriteriaId": "C1D01BD4-27BF-49BD-9305-F26E0EC778AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p8:*:*:*:*:*:*",
              "matchCriteriaId": "F4E82220-4E07-41B0-952A-9C0CC0973D60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p9:*:*:*:*:*:*",
              "matchCriteriaId": "38F02F01-569A-445D-A954-D9369E0B8850",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
              "matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*",
              "matchCriteriaId": "44B8FEDF-6CB0-46E9-9AD7-4445B001C158",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013."
    },
    {
      "lang": "es",
      "value": "La caracter\u00edstica monlist en ntp_request.c en ntpd en NTP antes 4.2.7p26 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (amplificaci\u00f3n de tr\u00e1fico) a trav\u00e9s de solicitudes (1) REQ_MON_GETLIST o (2) solicitudes REQ_MON_GETLIST_1, como han sido explotados en diciembre de 2013."
    }
  ],
  "id": "CVE-2013-5211",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-01-02T14:59:03.470",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "http://bugs.ntp.org/show_bug.cgi?id=1532"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.ntp.org/pipermail/pool/2011-December/005616.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://openwall.com/lists/oss-security/2013/12/30/6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://openwall.com/lists/oss-security/2013/12/30/7"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/59288"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/59726"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/348126"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/64692"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1030433"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/ncas/alerts/TA14-013A"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "http://bugs.ntp.org/show_bug.cgi?id=1532"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.ntp.org/pipermail/pool/2011-December/005616.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://openwall.com/lists/oss-security/2013/12/30/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://openwall.com/lists/oss-security/2013/12/30/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/59288"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secunia.com/advisories/59726"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/348126"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/64692"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1030433"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/ncas/alerts/TA14-013A"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-2Q29-VHPQ-HPV3

Vulnerability from github – Published: 2022-05-14 02:11 – Updated: 2022-05-14 02:11

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-5211"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-01-02T14:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.",
  "id": "GHSA-2q29-vhpq-hpv3",
  "modified": "2022-05-14T02:11:38Z",
  "published": "2022-05-14T02:11:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5211"
    },
    {
      "type": "WEB",
      "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
    },
    {
      "type": "WEB",
      "url": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory"
    },
    {
      "type": "WEB",
      "url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc"
    },
    {
      "type": "WEB",
      "url": "http://bugs.ntp.org/show_bug.cgi?id=1532"
    },
    {
      "type": "WEB",
      "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04"
    },
    {
      "type": "WEB",
      "url": "http://lists.ntp.org/pipermail/pool/2011-December/005616.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2013/12/30/6"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2013/12/30/7"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59288"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/59726"
    },
    {
      "type": "WEB",
      "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861"
    },
    {
      "type": "WEB",
      "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892"
    },
    {
      "type": "WEB",
      "url": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/348126"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/64692"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1030433"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/ncas/alerts/TA14-013A"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-5211 (GCVE-0-2013-5211)

Solution

Solution

Solution

Solution

Solution

Solution

Contournement provisoire

Solution

Tags

Sightings

Nomenclature