Vulnerability-Lookup

CVE-2009-3563 (GCVE-0-2009-3563)

Vulnerability from cvelistv5 – Published: 2009-12-09 00:00 – Updated: 2024-08-07 06:31

Summary

ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.kb.cert.org/vuls/id/568372	third-party-advisory
	http://secunia.com/advisories/38832	third-party-advisory
	http://kb.juniper.net/InfoCenter/index?page=conte…
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignature
	http://support.avaya.com/css/P8/documents/100071808
	http://secunia.com/advisories/38794	third-party-advisory
	http://lists.vmware.com/pipermail/security-announ…	mailing-list
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisory
	https://bugzilla.redhat.com/show_bug.cgi?id=531213
	http://secunia.com/advisories/38764	third-party-advisory
	http://support.ntp.org/bin/view/Main/SecurityNoti…
	http://www.kb.cert.org/vuls/id/MAPG-7X7V6J
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignature
	http://www.securityfocus.com/bid/37255	vdb-entry
	http://marc.info/?l=bugtraq&m=136482797910018&w=2	vendor-advisory
	http://secunia.com/advisories/39593	third-party-advisory
	http://www-01.ibm.com/support/docview.wss?uid=isg…	vendor-advisory
	http://www.vupen.com/english/advisories/2010/0993	vdb-entry
	http://www.debian.org/security/2009/dsa-1948	vendor-advisory
	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074
	http://aix.software.ibm.com/aix/efixes/security/x…
	http://marc.info/?l=bugtraq&m=130168580504508&w=2	vendor-advisory
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisory
	http://www-01.ibm.com/support/docview.wss?uid=isg…	vendor-advisory
	http://marc.info/?l=bugtraq&m=130168580504508&w=2	vendor-advisory
	https://support.ntp.org/bugs/show_bug.cgi?id=1331
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignature
	http://secunia.com/advisories/37922	third-party-advisory
	ftp://ftp.netbsd.org/pub/NetBSD/security/advisori…	vendor-advisory
	http://secunia.com/advisories/38834	third-party-advisory
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisory
	http://security-tracker.debian.org/tracker/CVE-20…
	http://securitytracker.com/id?1023298	vdb-entry
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignature
	https://rhn.redhat.com/errata/RHSA-2009-1651.html	vendor-advisory
	http://secunia.com/advisories/37629	third-party-advisory
	https://rhn.redhat.com/errata/RHSA-2010-0095.html	vendor-advisory
	http://kb.juniper.net/InfoCenter/index?page=conte…
	http://marc.info/?l=bugtraq&m=136482797910018&w=2	vendor-advisory
	https://lists.ntp.org/pipermail/announce/2009-Dec…	mailing-list
	http://www.vupen.com/english/advisories/2010/0510	vdb-entry
	https://rhn.redhat.com/errata/RHSA-2009-1648.html	vendor-advisory
	http://www.kb.cert.org/vuls/id/MAPG-7X7VD7
	http://www.vupen.com/english/advisories/2010/0528	vdb-entry
	https://www.kb.cert.org/vuls/id/417980	third-party-advisory

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:31:10.550Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#568372",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/568372"
          },
          {
            "name": "38832",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38832"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
          },
          {
            "name": "oval:org.mitre.oval:def:11225",
            "tags": [
              "vdb-entry",
              "signature",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://support.avaya.com/css/P8/documents/100071808"
          },
          {
            "name": "38794",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38794"
          },
          {
            "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
          },
          {
            "name": "FEDORA-2009-13121",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213"
          },
          {
            "name": "38764",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38764"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/MAPG-7X7V6J"
          },
          {
            "name": "oval:org.mitre.oval:def:19376",
            "tags": [
              "vdb-entry",
              "signature",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376"
          },
          {
            "name": "37255",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37255"
          },
          {
            "name": "SSRT101144",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
          },
          {
            "name": "39593",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39593"
          },
          {
            "name": "IZ71047",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047"
          },
          {
            "name": "ADV-2010-0993",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0993"
          },
          {
            "name": "DSA-1948",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1948"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc"
          },
          {
            "name": "HPSBUX02639",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2"
          },
          {
            "name": "1021781",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1"
          },
          {
            "name": "IZ68659",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659"
          },
          {
            "name": "SSRT100293",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.ntp.org/bugs/show_bug.cgi?id=1331"
          },
          {
            "name": "oval:org.mitre.oval:def:7076",
            "tags": [
              "vdb-entry",
              "signature",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076"
          },
          {
            "name": "37922",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37922"
          },
          {
            "name": "NetBSD-SA2010-005",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc"
          },
          {
            "name": "38834",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38834"
          },
          {
            "name": "FEDORA-2009-13090",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://security-tracker.debian.org/tracker/CVE-2009-3563"
          },
          {
            "name": "1023298",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023298"
          },
          {
            "name": "oval:org.mitre.oval:def:12141",
            "tags": [
              "vdb-entry",
              "signature",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141"
          },
          {
            "name": "RHSA-2009:1651",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2009-1651.html"
          },
          {
            "name": "37629",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37629"
          },
          {
            "name": "RHSA-2010:0095",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
          },
          {
            "name": "HPSBUX02859",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
          },
          {
            "name": "[announce] 20091208 NTP 4.2.4p8 Released",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.ntp.org/pipermail/announce/2009-December/000086.html"
          },
          {
            "name": "ADV-2010-0510",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0510"
          },
          {
            "name": "RHSA-2009:1648",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2009-1648.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/MAPG-7X7VD7"
          },
          {
            "name": "ADV-2010-0528",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0528"
          },
          {
            "name": "VU#417980",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/417980"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-12-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-19T21:06:04.060Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "VU#568372",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://www.kb.cert.org/vuls/id/568372"
        },
        {
          "name": "38832",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/38832"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
        },
        {
          "name": "oval:org.mitre.oval:def:11225",
          "tags": [
            "vdb-entry",
            "signature"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225"
        },
        {
          "url": "http://support.avaya.com/css/P8/documents/100071808"
        },
        {
          "name": "38794",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/38794"
        },
        {
          "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
          "tags": [
            "mailing-list"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
        },
        {
          "name": "FEDORA-2009-13121",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213"
        },
        {
          "name": "38764",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/38764"
        },
        {
          "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode"
        },
        {
          "url": "http://www.kb.cert.org/vuls/id/MAPG-7X7V6J"
        },
        {
          "name": "oval:org.mitre.oval:def:19376",
          "tags": [
            "vdb-entry",
            "signature"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376"
        },
        {
          "name": "37255",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/37255"
        },
        {
          "name": "SSRT101144",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
        },
        {
          "name": "39593",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/39593"
        },
        {
          "name": "IZ71047",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047"
        },
        {
          "name": "ADV-2010-0993",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0993"
        },
        {
          "name": "DSA-1948",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1948"
        },
        {
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074"
        },
        {
          "url": "http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc"
        },
        {
          "name": "HPSBUX02639",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2"
        },
        {
          "name": "1021781",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1"
        },
        {
          "name": "IZ68659",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659"
        },
        {
          "name": "SSRT100293",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2"
        },
        {
          "url": "https://support.ntp.org/bugs/show_bug.cgi?id=1331"
        },
        {
          "name": "oval:org.mitre.oval:def:7076",
          "tags": [
            "vdb-entry",
            "signature"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076"
        },
        {
          "name": "37922",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/37922"
        },
        {
          "name": "NetBSD-SA2010-005",
          "tags": [
            "vendor-advisory"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc"
        },
        {
          "name": "38834",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/38834"
        },
        {
          "name": "FEDORA-2009-13090",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html"
        },
        {
          "url": "http://security-tracker.debian.org/tracker/CVE-2009-3563"
        },
        {
          "name": "1023298",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://securitytracker.com/id?1023298"
        },
        {
          "name": "oval:org.mitre.oval:def:12141",
          "tags": [
            "vdb-entry",
            "signature"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141"
        },
        {
          "name": "RHSA-2009:1651",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2009-1651.html"
        },
        {
          "name": "37629",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/37629"
        },
        {
          "name": "RHSA-2010:0095",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
        },
        {
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
        },
        {
          "name": "HPSBUX02859",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
        },
        {
          "name": "[announce] 20091208 NTP 4.2.4p8 Released",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.ntp.org/pipermail/announce/2009-December/000086.html"
        },
        {
          "name": "ADV-2010-0510",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0510"
        },
        {
          "name": "RHSA-2009:1648",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2009-1648.html"
        },
        {
          "url": "http://www.kb.cert.org/vuls/id/MAPG-7X7VD7"
        },
        {
          "name": "ADV-2010-0528",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0528"
        },
        {
          "name": "VU#417980",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.kb.cert.org/vuls/id/417980"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3563",
    "datePublished": "2009-12-09T00:00:00.000Z",
    "dateReserved": "2009-10-05T00:00:00.000Z",
    "dateUpdated": "2024-08-07T06:31:10.550Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2010-AVI-002

Vulnerability from certfr_avis - Published: 2010-01-07 - Updated: 2010-10-06

Une vulnérabilité dans NTPD permet à un utilisateur d'effectuer un déni de service à distance.

Description

Une vulnérabilité dans NTPD permet à un utilisateur d'effectuer un déni de service à distance en envoyant un paquet UDP spécialement construit.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	NTPD versions antérieures à 4.2.4p8 ;
	N/A	N/A	NTPD versions antérieures à 4.2.6.

References

Title

Publication Time

Tags

Rapport de bogue #1331 de NTP du 31 décembre 2009	None	vendor-advisory
Bulletin de sécurité HP #c01961959 du 23 mars 2010 :	-	other
Bulletin de sécurité HP Tru64 UNIX c01961950 du 04 octobre 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "NTPD versions ant\u00e9rieures \u00e0 4.2.4p8 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "NTPD versions ant\u00e9rieures \u00e0 4.2.6.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans NTPD permet \u00e0 un utilisateur d\u0027effectuer un d\u00e9ni\nde service \u00e0 distance en envoyant un paquet UDP sp\u00e9cialement construit.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-3563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3563"
    }
  ],
  "initial_release_date": "2010-01-07T00:00:00",
  "last_revision_date": "2010-10-06T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP #c01961959 du 23 mars 2010 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document/.jsp?objectID=c01961959"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP Tru64 UNIX c01961950 du 04 octobre    2010 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01961950"
    }
  ],
  "reference": "CERTA-2010-AVI-002",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-01-07T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 HP.",
      "revision_date": "2010-03-26T00:00:00.000000"
    },
    {
      "description": "Ajout du bulletin de s\u00e9curit\u00e9 HP Tru64 UNIX.",
      "revision_date": "2010-10-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans NTPD permet \u00e0 un utilisateur d\u0027effectuer un d\u00e9ni\nde service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans NTPD",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Rapport de bogue #1331 de NTP du 31 d\u00e9cembre 2009",
      "url": "http://support.ntp.org/bugs/show_bug.cgi?id=1331"
    }
  ]
}

CERTA-2010-AVI-106

Vulnerability from certfr_avis - Published: 2010-03-04 - Updated: 2010-03-04

Plusieurs vulnérabilités découvertes dans les produits VMware peuvent être exploitées à distance par un utilisateur malintentionné afin de compromettre le système ou d'entraver son bon fonctionnement.

Description

Les vulnérabilités présentes dans les produits VMware peuvent être exploitées afin de porter atteinte à l'intégrité et à la confidentialité des données, de réaliser un déni de service, d'injecter et d'exécuter indirectement du code arbitraire, d'élever ses privilèges ou d'exécuter du code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware vMA 4.0 sans le patch 3.
VMware	N/A	VMware ESX 3.0.3 ;
VMware	N/A	VMware ESX 3.5 ;
VMware	N/A	VMware ESX 2.5.5 ;
VMware	N/A	VMware ESX 4.0 sans les patchs SX400-201002404-SG, SX400-201002406-SG, SX400-201002407-SG ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware du 03 mars 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware vMA 4.0 sans le patch 3.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 3.0.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 3.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 2.5.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 4.0 sans les patchs SX400-201002404-SG, SX400-201002406-SG, SX400-201002407-SG ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLes vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits VMware peuvent \u00eatre\nexploit\u00e9es afin de porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 et \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, de r\u00e9aliser un d\u00e9ni de service, d\u0027injecter et d\u0027ex\u00e9cuter\nindirectement du code arbitraire, d\u0027\u00e9lever ses privil\u00e8ges ou d\u0027ex\u00e9cuter\ndu code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2905"
    },
    {
      "name": "CVE-2009-1387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1387"
    },
    {
      "name": "CVE-2009-3560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3560"
    },
    {
      "name": "CVE-2009-2849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2849"
    },
    {
      "name": "CVE-2009-3916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3916"
    },
    {
      "name": "CVE-2009-0115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0115"
    },
    {
      "name": "CVE-2009-1379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1379"
    },
    {
      "name": "CVE-2009-3613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3613"
    },
    {
      "name": "CVE-2009-4022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4022"
    },
    {
      "name": "CVE-2009-3563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3563"
    },
    {
      "name": "CVE-2009-3620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3620"
    },
    {
      "name": "CVE-2009-1189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1189"
    },
    {
      "name": "CVE-2009-3228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3228"
    },
    {
      "name": "CVE-2009-3547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3547"
    },
    {
      "name": "CVE-2009-2695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2695"
    },
    {
      "name": "CVE-2008-4316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4316"
    },
    {
      "name": "CVE-2009-1378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1378"
    },
    {
      "name": "CVE-2008-3916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3916"
    },
    {
      "name": "CVE-2009-1386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1386"
    },
    {
      "name": "CVE-2009-1377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1377"
    },
    {
      "name": "CVE-2009-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0590"
    },
    {
      "name": "CVE-2009-3286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3286"
    },
    {
      "name": "CVE-2008-4552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4552"
    },
    {
      "name": "CVE-2009-3612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3612"
    },
    {
      "name": "CVE-2009-3621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3621"
    },
    {
      "name": "CVE-2009-3720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3720"
    },
    {
      "name": "CVE-2009-2904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2904"
    },
    {
      "name": "CVE-2009-2908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2908"
    },
    {
      "name": "CVE-2009-3726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3726"
    }
  ],
  "initial_release_date": "2010-03-04T00:00:00",
  "last_revision_date": "2010-03-04T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-106",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-03-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans les produits VMware peuvent\n\u00eatre exploit\u00e9es \u00e0 distance par un utilisateur malintentionn\u00e9 afin de\ncompromettre le syst\u00e8me ou d\u0027entraver son bon fonctionnement.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware du 03 mars 2010",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
    }
  ]
}

CERTFR-2014-AVI-480

Vulnerability from certfr_avis - Published: 2014-11-13 - Updated: 2014-11-13

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	CTPOS versions antérieures à 6.6R2
ESET	Security	Juniper Security Threat Response Manager versions 2012.1, 2013.1, 2013.2
Juniper Networks	N/A	CTPView versions 4.2, 4.3, 4.4, 4.5, 4.6
Juniper Networks	Junos Space	Junos Space jusqu'à la version 13.3
Juniper Networks	Secure Analytics	Juniper Secure Analytics versions 2013.2, 2014.1, 2014.2
ESET	Security	Network and Security Manager (NSM) version 2012.2

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10661 du 11 novembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10657 du 11 novembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10658 du 11 novembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10659 du 11 novembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10660 du 11 novembre 2014	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "CTPOS versions ant\u00e9rieures \u00e0 6.6R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Security Threat Response Manager versions 2012.1, 2013.1, 2013.2",
      "product": {
        "name": "Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "CTPView versions 4.2, 4.3, 4.4, 4.5, 4.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space jusqu\u0027\u00e0 la version 13.3",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Secure Analytics versions 2013.2, 2014.1, 2014.2",
      "product": {
        "name": "Secure Analytics",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Network and Security Manager (NSM) version 2012.2",
      "product": {
        "name": "Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-3158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3158"
    },
    {
      "name": "CVE-2010-3853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3853"
    },
    {
      "name": "CVE-2014-0075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0075"
    },
    {
      "name": "CVE-2010-3081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3081"
    },
    {
      "name": "CVE-2012-0789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0789"
    },
    {
      "name": "CVE-2012-2329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2329"
    },
    {
      "name": "CVE-2014-0460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0460"
    },
    {
      "name": "CVE-2011-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4609"
    },
    {
      "name": "CVE-2011-0421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0421"
    },
    {
      "name": "CVE-2012-0781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0781"
    },
    {
      "name": "CVE-2014-4827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4827"
    },
    {
      "name": "CVE-2013-1635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1635"
    },
    {
      "name": "CVE-2011-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
    },
    {
      "name": "CVE-2013-1620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1620"
    },
    {
      "name": "CVE-2014-0119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0119"
    },
    {
      "name": "CVE-2012-2110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
    },
    {
      "name": "CVE-2014-7186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7186"
    },
    {
      "name": "CVE-2009-2416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
    },
    {
      "name": "CVE-2012-0788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0788"
    },
    {
      "name": "CVE-2010-4755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4755"
    },
    {
      "name": "CVE-2013-1775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1775"
    },
    {
      "name": "CVE-2009-5029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-5029"
    },
    {
      "name": "CVE-2011-1153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1153"
    },
    {
      "name": "CVE-2009-3563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3563"
    },
    {
      "name": "CVE-2014-0411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0411"
    },
    {
      "name": "CVE-2013-1643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1643"
    },
    {
      "name": "CVE-2013-0791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0791"
    },
    {
      "name": "CVE-2010-1646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1646"
    },
    {
      "name": "CVE-2014-7169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7169"
    },
    {
      "name": "CVE-2011-1944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
    },
    {
      "name": "CVE-2014-0099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0099"
    },
    {
      "name": "CVE-2011-0010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0010"
    },
    {
      "name": "CVE-2011-1398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1398"
    },
    {
      "name": "CVE-2011-2834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
    },
    {
      "name": "CVE-2014-4825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4825"
    },
    {
      "name": "CVE-2010-4707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4707"
    },
    {
      "name": "CVE-2012-0882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0882"
    },
    {
      "name": "CVE-2009-0159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0159"
    },
    {
      "name": "CVE-2014-0453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0453"
    },
    {
      "name": "CVE-2011-0708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0708"
    },
    {
      "name": "CVE-2014-6271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6271"
    },
    {
      "name": "CVE-2014-6277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6277"
    },
    {
      "name": "CVE-2014-1568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1568"
    },
    {
      "name": "CVE-2010-0830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0830"
    },
    {
      "name": "CVE-2010-0426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0426"
    },
    {
      "name": "CVE-2014-0423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0423"
    },
    {
      "name": "CVE-2012-2311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2311"
    },
    {
      "name": "CVE-2014-0224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0224"
    },
    {
      "name": "CVE-2014-4830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4830"
    },
    {
      "name": "CVE-2011-3368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3368"
    },
    {
      "name": "CVE-2014-2532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2532"
    },
    {
      "name": "CVE-2014-4828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4828"
    },
    {
      "name": "CVE-2014-0095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0095"
    },
    {
      "name": "CVE-2010-0427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0427"
    },
    {
      "name": "CVE-2014-3470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3470"
    },
    {
      "name": "CVE-2014-3062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3062"
    },
    {
      "name": "CVE-2012-0831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0831"
    },
    {
      "name": "CVE-2009-2414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
    },
    {
      "name": "CVE-2012-0057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0057"
    },
    {
      "name": "CVE-2014-7187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7187"
    },
    {
      "name": "CVE-2010-2956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2956"
    },
    {
      "name": "CVE-2011-3905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3905"
    },
    {
      "name": "CVE-2014-4833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4833"
    },
    {
      "name": "CVE-2011-4566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4566"
    },
    {
      "name": "CVE-2014-0837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0837"
    },
    {
      "name": "CVE-2010-4008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
    },
    {
      "name": "CVE-2014-6278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6278"
    },
    {
      "name": "CVE-2012-1172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1172"
    },
    {
      "name": "CVE-2014-0076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0076"
    },
    {
      "name": "CVE-2010-1163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1163"
    },
    {
      "name": "CVE-2011-4317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4317"
    },
    {
      "name": "CVE-2011-4885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4885"
    },
    {
      "name": "CVE-2010-5107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-5107"
    },
    {
      "name": "CVE-2009-1265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1265"
    },
    {
      "name": "CVE-2010-3316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3316"
    },
    {
      "name": "CVE-2012-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3510"
    },
    {
      "name": "CVE-2011-5000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-5000"
    },
    {
      "name": "CVE-2010-3435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3435"
    },
    {
      "name": "CVE-2011-3919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3919"
    },
    {
      "name": "CVE-2012-2337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2337"
    },
    {
      "name": "CVE-2011-1089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
    },
    {
      "name": "CVE-2014-0096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0096"
    },
    {
      "name": "CVE-2013-5908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5908"
    },
    {
      "name": "CVE-2014-3091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3091"
    },
    {
      "name": "CVE-2012-2131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2131"
    }
  ],
  "initial_release_date": "2014-11-13T00:00:00",
  "last_revision_date": "2014-11-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2014-AVI-480",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-11-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une\nex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10661 du 11 novembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10661"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10657 du 11 novembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10657"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10658 du 11 novembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10658"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10659 du 11 novembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10659"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10660 du 11 novembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10660"
    }
  ]
}

CERTFR-2015-AVI-146

Vulnerability from certfr_avis - Published: 2015-04-13 - Updated: 2015-04-13

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	Juniper NSM versions antérieures à 2012.2R12
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 12.3R9
Juniper Networks	N/A	Juniper CTPOS versions antérieures à 6.6R5
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 12.2X50-D70
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 11.4R12
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 13.2X51-D30
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 12.3R7
Juniper Networks	N/A	Juniper NSM versions antérieures à 2012.2R11
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 12.3R10
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 13.2R6
Juniper Networks	N/A	Juniper CTPView versions antérieures à 7.1R1
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 13.3R6
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 14.2R1
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 12.3X48-D10
Juniper Networks	N/A	Juniper CTPOS versions antérieures à 7.0R4
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 14.1X53-D10
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 12.1X46-D35
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 12.1X47-D25
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 14.1R5
Juniper Networks	N/A	Juniper CTPOS versions antérieures à 7.1R1
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 12.1X44-D50
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 13.3R5
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 13.2X52-D15
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 14.1R3
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 14.2R3
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 13.2R8
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 12.2R9
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 13.1X50-D30
Juniper Networks	N/A	Juniper IDP OS versions antérieures à 5.1r4

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10679 du 07 avril 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10676 du 07 avril 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10673 du 07 avril 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10672 du 07 avril 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10680 du 07 avril 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10677 du 07 avril 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10678 du 07 avril 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10675 du 07 avril 2015	None	vendor-advisory
Bulletin de sécurité Juniper JSA10674 du 07 avril 2015	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper NSM versions ant\u00e9rieures \u00e0 2012.2R12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.3R9",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper CTPOS versions ant\u00e9rieures \u00e0 6.6R5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.2X50-D70",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 11.4R12",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 13.2X51-D30",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.3R7",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper NSM versions ant\u00e9rieures \u00e0 2012.2R11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.3R10",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 13.2R6",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper CTPView versions ant\u00e9rieures \u00e0 7.1R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 13.3R6",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 14.2R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.3X48-D10",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper CTPOS versions ant\u00e9rieures \u00e0 7.0R4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D10",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.1X46-D35",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.1X47-D25",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 14.1R5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper CTPOS versions ant\u00e9rieures \u00e0 7.1R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.1X44-D50",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 13.3R5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 13.2X52-D15",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 14.1R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 14.2R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 13.2R8",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.2R9",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 13.1X50-D30",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper IDP OS versions ant\u00e9rieures \u00e0 5.1r4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-0208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0208"
    },
    {
      "name": "CVE-2015-0292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0292"
    },
    {
      "name": "CVE-2014-3571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3571"
    },
    {
      "name": "CVE-2015-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0286"
    },
    {
      "name": "CVE-2015-3002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3002"
    },
    {
      "name": "CVE-2014-3570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3570"
    },
    {
      "name": "CVE-2015-3004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3004"
    },
    {
      "name": "CVE-2009-3563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3563"
    },
    {
      "name": "CVE-2015-0288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0288"
    },
    {
      "name": "CVE-2015-0206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0206"
    },
    {
      "name": "CVE-2015-0290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0290"
    },
    {
      "name": "CVE-2014-6271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6271"
    },
    {
      "name": "CVE-2012-5195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5195"
    },
    {
      "name": "CVE-2011-0539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0539"
    },
    {
      "name": "CVE-2015-0207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0207"
    },
    {
      "name": "CVE-2010-4478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4478"
    },
    {
      "name": "CVE-2015-0285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0285"
    },
    {
      "name": "CVE-2014-4478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4478"
    },
    {
      "name": "CVE-2015-3003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3003"
    },
    {
      "name": "CVE-2012-0814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0814"
    },
    {
      "name": "CVE-2015-0204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0204"
    },
    {
      "name": "CVE-2015-0293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0293"
    },
    {
      "name": "CVE-2015-0287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0287"
    },
    {
      "name": "CVE-2015-1787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1787"
    },
    {
      "name": "CVE-2014-8275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8275"
    },
    {
      "name": "CVE-2015-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0205"
    },
    {
      "name": "CVE-2015-0209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0209"
    },
    {
      "name": "CVE-2015-0291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0291"
    },
    {
      "name": "CVE-2015-0289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0289"
    },
    {
      "name": "CVE-2014-3572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3572"
    },
    {
      "name": "CVE-2014-3569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3569"
    },
    {
      "name": "CVE-2015-3005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3005"
    },
    {
      "name": "CVE-2014-8500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8500"
    },
    {
      "name": "CVE-2012-2131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2131"
    },
    {
      "name": "CVE-2015-3006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3006"
    }
  ],
  "initial_release_date": "2015-04-13T00:00:00",
  "last_revision_date": "2015-04-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2015-AVI-146",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-04-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10679 du 07 avril 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10679"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10676 du 07 avril 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10676"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10673 du 07 avril 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10672 du 07 avril 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10672"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10680 du 07 avril 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10680"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10677 du 07 avril 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10677"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10678 du 07 avril 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10678"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10675 du 07 avril 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10675"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10674 du 07 avril 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10674"
    }
  ]
}

CERTFR-2023-AVI-0553

Vulnerability from certfr_avis - Published: 2023-07-17 - Updated: 2023-07-17

Une vulnérabilité a été découverte dans les commutateurs Moxa. Elle permet à un attaquant de provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Moxa	N/A	séries PT-7728 versions 3.8 et antérieures sans le dernier correctif de sécurité
Moxa	N/A	séries PT-G7828 versions 6.2 et antérieures sans le dernier correctif de sécurité
Moxa	N/A	séries PT-7828 versions 3.9 et antérieures sans le dernier correctif de sécurité
Moxa	N/A	séries PT-508 versions 3.8 et antérieures sans le dernier correctif de sécurité
Moxa	N/A	séries MDS-G4012 versions 1.2 et antérieures sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Moxa MPSA-230307 du 13 juillet 2023

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "s\u00e9ries PT-7728 versions 3.8 et ant\u00e9rieures sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "s\u00e9ries PT-G7828 versions 6.2 et ant\u00e9rieures sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "s\u00e9ries PT-7828 versions 3.9 et ant\u00e9rieures sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "s\u00e9ries PT-508 versions 3.8 et ant\u00e9rieures sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "s\u00e9ries MDS-G4012 versions 1.2 et ant\u00e9rieures sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-3563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3563"
    }
  ],
  "initial_release_date": "2023-07-17T00:00:00",
  "last_revision_date": "2023-07-17T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0553",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-07-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les commutateurs Moxa. Elle\npermet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les commutateurs Moxa",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moxa MPSA-230307 du 13 juillet 2023",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230307-multiple-switch-series-affected-by-ntp-denial-of-service-vulnerability"
    }
  ]
}

FKIE_CVE-2009-3563

Vulnerability from fkie_nvd - Published: 2009-12-09 18:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc
cve@mitre.org	http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc
cve@mitre.org	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074
cve@mitre.org	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
cve@mitre.org	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691
cve@mitre.org	http://lists.vmware.com/pipermail/security-announce/2010/000082.html
cve@mitre.org	http://marc.info/?l=bugtraq&m=130168580504508&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=136482797910018&w=2
cve@mitre.org	http://secunia.com/advisories/37629
cve@mitre.org	http://secunia.com/advisories/37922
cve@mitre.org	http://secunia.com/advisories/38764
cve@mitre.org	http://secunia.com/advisories/38794
cve@mitre.org	http://secunia.com/advisories/38832
cve@mitre.org	http://secunia.com/advisories/38834
cve@mitre.org	http://secunia.com/advisories/39593
cve@mitre.org	http://security-tracker.debian.org/tracker/CVE-2009-3563
cve@mitre.org	http://securitytracker.com/id?1023298
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1
cve@mitre.org	http://support.avaya.com/css/P8/documents/100071808
cve@mitre.org	http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode	Patch
cve@mitre.org	http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659
cve@mitre.org	http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047
cve@mitre.org	http://www.debian.org/security/2009/dsa-1948	Patch
cve@mitre.org	http://www.kb.cert.org/vuls/id/568372	Patch, US Government Resource
cve@mitre.org	http://www.kb.cert.org/vuls/id/MAPG-7X7V6J
cve@mitre.org	http://www.kb.cert.org/vuls/id/MAPG-7X7VD7
cve@mitre.org	http://www.securityfocus.com/bid/37255	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2010/0510
cve@mitre.org	http://www.vupen.com/english/advisories/2010/0528
cve@mitre.org	http://www.vupen.com/english/advisories/2010/0993
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=531213
cve@mitre.org	https://lists.ntp.org/pipermail/announce/2009-December/000086.html
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076
cve@mitre.org	https://rhn.redhat.com/errata/RHSA-2009-1648.html
cve@mitre.org	https://rhn.redhat.com/errata/RHSA-2009-1651.html
cve@mitre.org	https://rhn.redhat.com/errata/RHSA-2010-0095.html
cve@mitre.org	https://support.ntp.org/bugs/show_bug.cgi?id=1331
cve@mitre.org	https://www.kb.cert.org/vuls/id/417980
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html
af854a3a-2127-422b-91ae-364da2661108	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc
af854a3a-2127-422b-91ae-364da2661108	http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc
af854a3a-2127-422b-91ae-364da2661108	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074
af854a3a-2127-422b-91ae-364da2661108	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
af854a3a-2127-422b-91ae-364da2661108	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691
af854a3a-2127-422b-91ae-364da2661108	http://lists.vmware.com/pipermail/security-announce/2010/000082.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=130168580504508&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=136482797910018&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37629
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37922
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38764
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38794
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38832
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38834
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/39593
af854a3a-2127-422b-91ae-364da2661108	http://security-tracker.debian.org/tracker/CVE-2009-3563
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1023298
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/css/P8/documents/100071808
af854a3a-2127-422b-91ae-364da2661108	http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2009/dsa-1948	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/568372	Patch, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/MAPG-7X7V6J
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/MAPG-7X7VD7
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/37255	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0510
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0528
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0993
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=531213
af854a3a-2127-422b-91ae-364da2661108	https://lists.ntp.org/pipermail/announce/2009-December/000086.html
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076
af854a3a-2127-422b-91ae-364da2661108	https://rhn.redhat.com/errata/RHSA-2009-1648.html
af854a3a-2127-422b-91ae-364da2661108	https://rhn.redhat.com/errata/RHSA-2009-1651.html
af854a3a-2127-422b-91ae-364da2661108	https://rhn.redhat.com/errata/RHSA-2010-0095.html
af854a3a-2127-422b-91ae-364da2661108	https://support.ntp.org/bugs/show_bug.cgi?id=1331
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/417980
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html

Impacted products

Vendor	Product	Version
ntp	ntp	*
ntp	ntp	4.0.72
ntp	ntp	4.0.73
ntp	ntp	4.0.90
ntp	ntp	4.0.91
ntp	ntp	4.0.92
ntp	ntp	4.0.93
ntp	ntp	4.0.94
ntp	ntp	4.0.95
ntp	ntp	4.0.96
ntp	ntp	4.0.97
ntp	ntp	4.0.98
ntp	ntp	4.0.99
ntp	ntp	4.1.0
ntp	ntp	4.1.2
ntp	ntp	4.2.0
ntp	ntp	4.2.2
ntp	ntp	4.2.2p1
ntp	ntp	4.2.2p2
ntp	ntp	4.2.2p3
ntp	ntp	4.2.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73B1FD64-D156-45BC-9713-77E163DF731C",
              "versionEndIncluding": "4.2.2p4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.0.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "25AB2D70-2807-4970-ACD3-9B4751A1F9D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.0.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "06C78C19-5A09-4883-8144-AE861A244FEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "437C8BA8-F437-4166-838D-EDC64E7A67DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.0.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "104AEC97-3C2A-48D2-BA63-08502F88F8D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "87D67E30-E303-4F79-9929-4A5B587FCDB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.0.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9BD95B5-322C-4CDC-A2DB-A06D4DA3B104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.0.94:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BD63969-D18D-41AF-9814-DA1A207BDE80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.0.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EAD8958-173A-4FCC-9420-A148BA5F73E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.0.96:*:*:*:*:*:*:*",
              "matchCriteriaId": "B271F6AD-D829-4671-8FA7-7D921364B426",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.0.97:*:*:*:*:*:*:*",
              "matchCriteriaId": "C25E03A8-46B5-4AC7-8506-4C255D7CC400",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.0.98:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C76CD53-CC9F-491A-952F-9A82D6E20058",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.0.99:*:*:*:*:*:*:*",
              "matchCriteriaId": "E749D64E-5C47-4A34-9F3C-1D34F8348058",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE0C9CBB-D52F-4F7C-B343-E685A3996BC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB90A3FB-B107-46CF-A846-48EE0EDF637A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "088BFFA4-1AAB-4699-9793-F731A81B296A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3475779-383A-4128-9145-474EC08030FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.2p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "782BAA3D-A639-4B25-83F0-741074C88D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.2p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF367FA4-2C7F-4040-89DE-8A97A069A802",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.2p3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D11498-3FC4-4890-9B10-BBA74A01C9E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "35C2B888-66D6-45D3-97E3-C711B1C6971A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons."
    },
    {
      "lang": "es",
      "value": "ntp_request.c en ntpd en NTP anterior v4.2.4p8, y v4.2.5, permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de CPU y ancho de banda) por uso de MODE_PRIVATE para enviar una suplantaci\u00f3n de (1) petici\u00f3n o (2) paquete respueta lo que lanza continuo intercambio de errores de respuesta MODE_PRIVATE entre dos demonios NTP."
    }
  ],
  "id": "CVE-2009-3563",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.4,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-12-09T18:30:00.390",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/37629"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/37922"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/38764"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/38794"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/38832"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/38834"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/39593"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security-tracker.debian.org/tracker/CVE-2009-3563"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1023298"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.avaya.com/css/P8/documents/100071808"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.debian.org/security/2009/dsa-1948"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/568372"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.kb.cert.org/vuls/id/MAPG-7X7V6J"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.kb.cert.org/vuls/id/MAPG-7X7VD7"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/37255"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2010/0510"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2010/0528"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2010/0993"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.ntp.org/pipermail/announce/2009-December/000086.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1648.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1651.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://support.ntp.org/bugs/show_bug.cgi?id=1331"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.kb.cert.org/vuls/id/417980"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37629"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37922"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38764"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38794"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38832"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/39593"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security-tracker.debian.org/tracker/CVE-2009-3563"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1023298"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/css/P8/documents/100071808"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.debian.org/security/2009/dsa-1948"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/568372"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.kb.cert.org/vuls/id/MAPG-7X7V6J"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.kb.cert.org/vuls/id/MAPG-7X7VD7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/37255"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/0510"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/0528"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/0993"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.ntp.org/pipermail/announce/2009-December/000086.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1648.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1651.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.ntp.org/bugs/show_bug.cgi?id=1331"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.kb.cert.org/vuls/id/417980"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2009-3563

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-3563

Aliases

CVE-2009-3563

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-3563",
    "description": "ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.",
    "id": "GSD-2009-3563",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-3563.html",
      "https://www.debian.org/security/2009/dsa-1948",
      "https://access.redhat.com/errata/RHSA-2009:1651",
      "https://access.redhat.com/errata/RHSA-2009:1648",
      "https://linux.oracle.com/cve/CVE-2009-3563.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-3563"
      ],
      "details": "ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.",
      "id": "GSD-2009-3563",
      "modified": "2023-12-13T01:19:49.509033Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-3563",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "VU#568372",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/568372"
          },
          {
            "name": "38832",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38832"
          },
          {
            "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673",
            "refsource": "CONFIRM",
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
          },
          {
            "name": "oval:org.mitre.oval:def:11225",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225"
          },
          {
            "name": "http://support.avaya.com/css/P8/documents/100071808",
            "refsource": "CONFIRM",
            "url": "http://support.avaya.com/css/P8/documents/100071808"
          },
          {
            "name": "38794",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38794"
          },
          {
            "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
            "refsource": "MLIST",
            "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
          },
          {
            "name": "FEDORA-2009-13121",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=531213",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213"
          },
          {
            "name": "38764",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38764"
          },
          {
            "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode",
            "refsource": "CONFIRM",
            "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode"
          },
          {
            "name": "http://www.kb.cert.org/vuls/id/MAPG-7X7V6J",
            "refsource": "CONFIRM",
            "url": "http://www.kb.cert.org/vuls/id/MAPG-7X7V6J"
          },
          {
            "name": "oval:org.mitre.oval:def:19376",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376"
          },
          {
            "name": "37255",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/37255"
          },
          {
            "name": "SSRT101144",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
          },
          {
            "name": "39593",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/39593"
          },
          {
            "name": "IZ71047",
            "refsource": "AIXAPAR",
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047"
          },
          {
            "name": "ADV-2010-0993",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/0993"
          },
          {
            "name": "DSA-1948",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2009/dsa-1948"
          },
          {
            "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074",
            "refsource": "CONFIRM",
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074"
          },
          {
            "name": "http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc",
            "refsource": "CONFIRM",
            "url": "http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc"
          },
          {
            "name": "HPSBUX02639",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2"
          },
          {
            "name": "1021781",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1"
          },
          {
            "name": "IZ68659",
            "refsource": "AIXAPAR",
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659"
          },
          {
            "name": "SSRT100293",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2"
          },
          {
            "name": "https://support.ntp.org/bugs/show_bug.cgi?id=1331",
            "refsource": "CONFIRM",
            "url": "https://support.ntp.org/bugs/show_bug.cgi?id=1331"
          },
          {
            "name": "oval:org.mitre.oval:def:7076",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076"
          },
          {
            "name": "37922",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/37922"
          },
          {
            "name": "NetBSD-SA2010-005",
            "refsource": "NETBSD",
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc"
          },
          {
            "name": "38834",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38834"
          },
          {
            "name": "FEDORA-2009-13090",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html"
          },
          {
            "name": "http://security-tracker.debian.org/tracker/CVE-2009-3563",
            "refsource": "CONFIRM",
            "url": "http://security-tracker.debian.org/tracker/CVE-2009-3563"
          },
          {
            "name": "1023298",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1023298"
          },
          {
            "name": "oval:org.mitre.oval:def:12141",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141"
          },
          {
            "name": "RHSA-2009:1651",
            "refsource": "REDHAT",
            "url": "https://rhn.redhat.com/errata/RHSA-2009-1651.html"
          },
          {
            "name": "37629",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/37629"
          },
          {
            "name": "RHSA-2010:0095",
            "refsource": "REDHAT",
            "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
          },
          {
            "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691",
            "refsource": "CONFIRM",
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
          },
          {
            "name": "HPSBUX02859",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
          },
          {
            "name": "[announce] 20091208 NTP 4.2.4p8 Released",
            "refsource": "MLIST",
            "url": "https://lists.ntp.org/pipermail/announce/2009-December/000086.html"
          },
          {
            "name": "ADV-2010-0510",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/0510"
          },
          {
            "name": "RHSA-2009:1648",
            "refsource": "REDHAT",
            "url": "https://rhn.redhat.com/errata/RHSA-2009-1648.html"
          },
          {
            "name": "http://www.kb.cert.org/vuls/id/MAPG-7X7VD7",
            "refsource": "CONFIRM",
            "url": "http://www.kb.cert.org/vuls/id/MAPG-7X7VD7"
          },
          {
            "name": "ADV-2010-0528",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/0528"
          },
          {
            "name": "VU#417980",
            "refsource": "CERT-VN",
            "url": "https://www.kb.cert.org/vuls/id/417980"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.72:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.2p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.2p2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.2p3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.96:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.95:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.90:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.73:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.98:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.97:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.92:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.91:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.2.2p4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.99:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.94:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.93:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3563"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2009:1651",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1651.html"
            },
            {
              "name": "http://www.kb.cert.org/vuls/id/MAPG-7X7VD7",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.kb.cert.org/vuls/id/MAPG-7X7VD7"
            },
            {
              "name": "DSA-1948",
              "refsource": "DEBIAN",
              "tags": [
                "Patch"
              ],
              "url": "http://www.debian.org/security/2009/dsa-1948"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode"
            },
            {
              "name": "1023298",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1023298"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074"
            },
            {
              "name": "37255",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/37255"
            },
            {
              "name": "RHSA-2009:1648",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1648.html"
            },
            {
              "name": "[announce] 20091208 NTP 4.2.4p8 Released",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.ntp.org/pipermail/announce/2009-December/000086.html"
            },
            {
              "name": "VU#568372",
              "refsource": "CERT-VN",
              "tags": [
                "Patch",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/568372"
            },
            {
              "name": "http://security-tracker.debian.org/tracker/CVE-2009-3563",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://security-tracker.debian.org/tracker/CVE-2009-3563"
            },
            {
              "name": "https://support.ntp.org/bugs/show_bug.cgi?id=1331",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://support.ntp.org/bugs/show_bug.cgi?id=1331"
            },
            {
              "name": "http://www.kb.cert.org/vuls/id/MAPG-7X7V6J",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.kb.cert.org/vuls/id/MAPG-7X7V6J"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=531213",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213"
            },
            {
              "name": "FEDORA-2009-13121",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html"
            },
            {
              "name": "FEDORA-2009-13090",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html"
            },
            {
              "name": "RHSA-2010:0095",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
            },
            {
              "name": "http://support.avaya.com/css/P8/documents/100071808",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.avaya.com/css/P8/documents/100071808"
            },
            {
              "name": "37922",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/37922"
            },
            {
              "name": "IZ71047",
              "refsource": "AIXAPAR",
              "tags": [],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047"
            },
            {
              "name": "37629",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/37629"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc"
            },
            {
              "name": "ADV-2010-0510",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/0510"
            },
            {
              "name": "38764",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/38764"
            },
            {
              "name": "IZ68659",
              "refsource": "AIXAPAR",
              "tags": [],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659"
            },
            {
              "name": "38794",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/38794"
            },
            {
              "name": "ADV-2010-0528",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/0528"
            },
            {
              "name": "38832",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/38832"
            },
            {
              "name": "38834",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/38834"
            },
            {
              "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
            },
            {
              "name": "NetBSD-SA2010-005",
              "refsource": "NETBSD",
              "tags": [],
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc"
            },
            {
              "name": "39593",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/39593"
            },
            {
              "name": "ADV-2010-0993",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/0993"
            },
            {
              "name": "1021781",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1"
            },
            {
              "name": "SSRT101144",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
            },
            {
              "name": "HPSBUX02639",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
            },
            {
              "name": "oval:org.mitre.oval:def:7076",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076"
            },
            {
              "name": "oval:org.mitre.oval:def:19376",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376"
            },
            {
              "name": "oval:org.mitre.oval:def:12141",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141"
            },
            {
              "name": "oval:org.mitre.oval:def:11225",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-09-19T01:29Z",
      "publishedDate": "2009-12-09T18:30Z"
    }
  }
}

GHSA-GM22-X89C-4H54

Vulnerability from github – Published: 2022-05-03 03:20 – Updated: 2022-05-03 03:20

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-3563"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-12-09T18:30:00Z",
    "severity": "MODERATE"
  },
  "details": "ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.",
  "id": "GHSA-gm22-x89c-4h54",
  "modified": "2022-05-03T03:20:29Z",
  "published": "2022-05-03T03:20:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3563"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213"
    },
    {
      "type": "WEB",
      "url": "https://lists.ntp.org/pipermail/announce/2009-December/000086.html"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076"
    },
    {
      "type": "WEB",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1648.html"
    },
    {
      "type": "WEB",
      "url": "https://rhn.redhat.com/errata/RHSA-2009-1651.html"
    },
    {
      "type": "WEB",
      "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
    },
    {
      "type": "WEB",
      "url": "https://support.ntp.org/bugs/show_bug.cgi?id=1331"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html"
    },
    {
      "type": "WEB",
      "url": "http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074"
    },
    {
      "type": "WEB",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
    },
    {
      "type": "WEB",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
    },
    {
      "type": "WEB",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37629"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37922"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38764"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38794"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38832"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38834"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/39593"
    },
    {
      "type": "WEB",
      "url": "http://security-tracker.debian.org/tracker/CVE-2009-3563"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1023298"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/css/P8/documents/100071808"
    },
    {
      "type": "WEB",
      "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2009/dsa-1948"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/568372"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/MAPG-7X7V6J"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/MAPG-7X7VD7"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/37255"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0510"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0528"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0993"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-3563 (GCVE-0-2009-3563)

Description

Solution

Description

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature