Vulnerability-Lookup

CVE-2015-7976 (GCVE-0-2015-7976)

Vulnerability from cvelistv5 – Published: 2017-01-30 21:00 – Updated: 2024-08-06 08:06

Summary

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

GSD-2015-7976

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-7976

Aliases

CVE-2015-7976

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-7976",
    "description": "The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.",
    "id": "GSD-2015-7976",
    "references": [
      "https://www.suse.com/security/cve/CVE-2015-7976.html",
      "https://ubuntu.com/security/CVE-2015-7976"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-7976"
      ],
      "details": "The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.",
      "id": "GSD-2015-7976",
      "modified": "2023-12-13T01:20:02.005812Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-7976",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
          },
          {
            "name": "USN-3096-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-3096-1"
          },
          {
            "name": "SUSE-SU-2016:1177",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
          },
          {
            "name": "SUSE-SU-2016:1912",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
          },
          {
            "name": "1034782",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1034782"
          },
          {
            "name": "openSUSE-SU-2016:1292",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
          },
          {
            "name": "VU#718152",
            "refsource": "CERT-VN",
            "url": "https://www.kb.cert.org/vuls/id/718152"
          },
          {
            "name": "SUSE-SU-2016:1247",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
          },
          {
            "name": "http://support.ntp.org/bin/view/Main/NtpBug2938",
            "refsource": "CONFIRM",
            "url": "http://support.ntp.org/bin/view/Main/NtpBug2938"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20171031-0001/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
          },
          {
            "name": "SUSE-SU-2016:1311",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
          },
          {
            "name": "SUSE-SU-2016:2094",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
          },
          {
            "name": "SUSE-SU-2016:1175",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
          },
          {
            "name": "FreeBSD-SA-16:09",
            "refsource": "FREEBSD",
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
          },
          {
            "name": "https://bto.bluecoat.com/security-advisory/sa113",
            "refsource": "CONFIRM",
            "url": "https://bto.bluecoat.com/security-advisory/sa113"
          },
          {
            "name": "openSUSE-SU-2016:1423",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
          },
          {
            "name": "GLSA-201607-15",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201607-15"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:p5:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.2.8",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:suse:manager:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:novell:suse_openstack_cloud:5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-7976"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-254"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#718152",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.kb.cert.org/vuls/id/718152"
            },
            {
              "name": "GLSA-201607-15",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201607-15"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa113",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://bto.bluecoat.com/security-advisory/sa113"
            },
            {
              "name": "USN-3096-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3096-1"
            },
            {
              "name": "1034782",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1034782"
            },
            {
              "name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
              "refsource": "CISCO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
            },
            {
              "name": "http://support.ntp.org/bin/view/Main/NtpBug2938",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://support.ntp.org/bin/view/Main/NtpBug2938"
            },
            {
              "name": "openSUSE-SU-2016:1423",
              "refsource": "SUSE",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
            },
            {
              "name": "SUSE-SU-2016:2094",
              "refsource": "SUSE",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
            },
            {
              "name": "SUSE-SU-2016:1912",
              "refsource": "SUSE",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
            },
            {
              "name": "SUSE-SU-2016:1311",
              "refsource": "SUSE",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
            },
            {
              "name": "openSUSE-SU-2016:1292",
              "refsource": "SUSE",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
            },
            {
              "name": "SUSE-SU-2016:1247",
              "refsource": "SUSE",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
            },
            {
              "name": "SUSE-SU-2016:1177",
              "refsource": "SUSE",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
            },
            {
              "name": "SUSE-SU-2016:1175",
              "refsource": "SUSE",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171031-0001/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
            },
            {
              "name": "FreeBSD-SA-16:09",
              "refsource": "FREEBSD",
              "tags": [],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2018-10-30T16:27Z",
      "publishedDate": "2017-01-30T21:59Z"
    }
  }
}

CERTFR-2016-AVI-045

Vulnerability from certfr_avis - Published: 2016-02-02 - Updated: 2016-02-02

De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Digital Media Manager (DMM)
Cisco	N/A	Cisco NAC Guest Server versions antérieures à 2.1.0 (disponible le 19 février 2016)
Cisco	IOS	IOS-XR for Cisco Network Convergence System (NCS) 6000
Cisco	N/A	Cisco Intelligent Automation for Cloud
Cisco	N/A	Cisco DCM Series 9900-Digital Content Manager versions antérieures à 18.0 (disponible le 31 mars 2016)
Cisco	N/A	Cisco Video Surveillance Media Server
Cisco	N/A	Cisco FireSIGHT System Software versions antérieures à 6.1 (disponible en juin 2016)
Cisco	Unified Communications Manager Session Management Edition	Cisco Unified Communications Manager Session Management Edition (SME)
Cisco	N/A	Cisco Videoscape Policy and Resource Management
Cisco	N/A	Cisco Management Heartbeat Server versions antérieures à RMS5.x MR (disponible le 29 juillet 2016)
Cisco	N/A	Cisco Standalone rack server CIMC
Cisco	N/A	Cloud Object Store (COS) versions antérieures à 3.8 (disponible le 9 avril 2016)
Cisco	N/A	Cisco Universal Small Cell 7000 Series exécutant la version V3.4.2.x
Cisco	N/A	Cisco Finesse
Cisco	N/A	Cisco Hosted Collaboration Mediation Fulfillment
Cisco	N/A	Cisco TelePresence Video Communication Server (VCS) versions antérieures à 8.7.1 (disponible le 22 février 2016)
Cisco	N/A	Cisco UCS Central
Cisco	N/A	Cisco TelePresence Conductor versions antérieures à XC4.2 (disponible le 30 mars 2016)
Cisco	N/A	Cisco Application and Content Networking System (ACNS) versions antérieures à 5.5.41 (disponible le 29 février 2016)
Cisco	N/A	Cisco Digital Media Manager
Cisco	N/A	Cisco Virtual Topology System
Cisco	N/A	Cisco IP Interoperability and Collaboration System (IPICS)
Cisco	Unified Communications	Unified Communications Deployment Tools
Cisco	N/A	Cisco Enterprise Content Delivery System (ECDS) versions antérieures à 2.6.7 (disponible le 30 avril 2016)
Cisco	N/A	Cisco Quantum Virtualized Packet Core
Cisco	N/A	Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) version 1.1
Cisco	N/A	Cisco ASA CX et Cisco Prime Security Manager versions antérieures à 9.3.4.5 (disponible le 30 mai 2016)
Cisco	Jabber	Cisco Jabber Guest 10.0(2)
Cisco	N/A	Cisco Intrusion Prevention System Solutions (IPS) versions antérieures à 7.1(11) Patch 1 (disponible le 31 mars 2016)
Cisco	N/A	Cisco 910 Industrial Router
Cisco	Expressway Series	Cisco Expressway Series versions antérieures à 8.7.1 (disponible le 22 février 2016)
Cisco	N/A	Cisco TelePresence MX Series
Cisco	N/A	Cisco TelePresence SX Series
Cisco	N/A	Cisco Clean Access Manager versions antérieures à 4.9.5 (disponible le 19 février 2016)
Cisco	N/A	Cisco Video Delivery System Recorder (correctif disponible le 30 avril 2016)
Cisco	N/A	Cisco Fog Director version 1.0(0)
Cisco	N/A	Cisco Universal Small Cell 5000 Series exécutant la version V3.4.2.x
Cisco	N/A	Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS)
Cisco	N/A	Cisco Service Control Operating System
Cisco	N/A	Cisco Media Experience Engines (MXE)
Cisco	N/A	Cisco Application Policy Infrastructure Controller (APIC)
Cisco	N/A	Cisco Telepresence Integrator C Series
Cisco	N/A	Cisco TelePresence EX Series
Cisco	N/A	Cisco Edge 300 Digital Media Player versions antérieures à 1.6RB4_4 (disponible le 25 février 2016)
Cisco	N/A	Cisco Intrusion Prevention System Solutions (IPS) versions antérieures à 7.3(05) Patch 1 (disponible le 30 avril 2016)
Cisco	Unified Communications Manager	Cisco Unified Communications Manager (UCM)
Cisco	N/A	Cisco TelePresence Profile Series
Cisco	N/A	Cisco 3G Femtocell Wireless versions antérieures à SR10MR (disponible le 29 juillet 2016)
Cisco	N/A	Cisco NAC Server versions antérieures à 4.9.5 (disponible le 19 février 2016)

References

Title

Publication Time

FKIE_CVE-2015-7976

Vulnerability from fkie_nvd - Published: 2017-01-30 21:59 - Updated: 2025-04-20 01:37

Severity ?

4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html	Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html	Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html	Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html	Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html	Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html	Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html	Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html	Third Party Advisory
cve@mitre.org	http://support.ntp.org/bin/view/Main/NtpBug2938	Vendor Advisory
cve@mitre.org	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd	Third Party Advisory
cve@mitre.org	http://www.securitytracker.com/id/1034782	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.ubuntu.com/usn/USN-3096-1	Third Party Advisory
cve@mitre.org	https://bto.bluecoat.com/security-advisory/sa113	Third Party Advisory
cve@mitre.org	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc
cve@mitre.org	https://security.gentoo.org/glsa/201607-15	Third Party Advisory
cve@mitre.org	https://security.netapp.com/advisory/ntap-20171031-0001/
cve@mitre.org	https://www.kb.cert.org/vuls/id/718152	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.ntp.org/bin/view/Main/NtpBug2938	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1034782	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-3096-1	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bto.bluecoat.com/security-advisory/sa113	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201607-15	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20171031-0001/
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/718152	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
ntp	ntp	4.1.2
ntp	ntp	*
ntp	ntp	4.3.0
ntp	ntp	4.3.1
ntp	ntp	4.3.2
ntp	ntp	4.3.3
ntp	ntp	4.3.4
ntp	ntp	4.3.5
ntp	ntp	4.3.6
ntp	ntp	4.3.7
ntp	ntp	4.3.8
ntp	ntp	4.3.9
ntp	ntp	4.3.10
ntp	ntp	4.3.11
ntp	ntp	4.3.12
ntp	ntp	4.3.13
ntp	ntp	4.3.14
ntp	ntp	4.3.15
ntp	ntp	4.3.16
ntp	ntp	4.3.17
ntp	ntp	4.3.18
ntp	ntp	4.3.19
ntp	ntp	4.3.20
ntp	ntp	4.3.21
ntp	ntp	4.3.22
ntp	ntp	4.3.23
ntp	ntp	4.3.24
ntp	ntp	4.3.25
ntp	ntp	4.3.26
ntp	ntp	4.3.27
ntp	ntp	4.3.28
ntp	ntp	4.3.29
ntp	ntp	4.3.30
ntp	ntp	4.3.31
ntp	ntp	4.3.32
ntp	ntp	4.3.33
ntp	ntp	4.3.34
ntp	ntp	4.3.35
ntp	ntp	4.3.36
ntp	ntp	4.3.37
ntp	ntp	4.3.38
ntp	ntp	4.3.39
ntp	ntp	4.3.40
ntp	ntp	4.3.41
ntp	ntp	4.3.42
ntp	ntp	4.3.43
ntp	ntp	4.3.44
ntp	ntp	4.3.45
ntp	ntp	4.3.46
ntp	ntp	4.3.47
ntp	ntp	4.3.48
ntp	ntp	4.3.49
ntp	ntp	4.3.50
ntp	ntp	4.3.51
ntp	ntp	4.3.52
ntp	ntp	4.3.53
ntp	ntp	4.3.54
ntp	ntp	4.3.55
ntp	ntp	4.3.56
ntp	ntp	4.3.57
ntp	ntp	4.3.58
ntp	ntp	4.3.59
ntp	ntp	4.3.60
ntp	ntp	4.3.61
ntp	ntp	4.3.62
ntp	ntp	4.3.63
ntp	ntp	4.3.64
ntp	ntp	4.3.65
ntp	ntp	4.3.66
ntp	ntp	4.3.67
ntp	ntp	4.3.68
ntp	ntp	4.3.69
ntp	ntp	4.3.70
ntp	ntp	4.3.71
ntp	ntp	4.3.72
ntp	ntp	4.3.73
ntp	ntp	4.3.74
ntp	ntp	4.3.75
ntp	ntp	4.3.76
ntp	ntp	4.3.77
ntp	ntp	4.3.78
ntp	ntp	4.3.79
ntp	ntp	4.3.80
ntp	ntp	4.3.81
ntp	ntp	4.3.82
ntp	ntp	4.3.83
ntp	ntp	4.3.84
ntp	ntp	4.3.85
ntp	ntp	4.3.86
ntp	ntp	4.3.87
ntp	ntp	4.3.88
ntp	ntp	4.3.89
suse	linux_enterprise_debuginfo	11
suse	linux_enterprise_debuginfo	11
suse	linux_enterprise_debuginfo	11
suse	manager	2.1
suse	manager_proxy	2.1
novell	suse_openstack_cloud	5
opensuse	leap	42.1
opensuse	opensuse	13.2
suse	linux_enterprise_desktop	12
suse	linux_enterprise_desktop	12
suse	linux_enterprise_server	10
suse	linux_enterprise_server	11
suse	linux_enterprise_server	11
suse	linux_enterprise_server	11
suse	linux_enterprise_server	12
suse	suse_linux_enterprise_server	12

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB90A3FB-B107-46CF-A846-48EE0EDF637A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ntp:ntp:*:p5:*:*:*:*:*:*",
              "matchCriteriaId": "99442254-E77A-43F7-8A9B-FC918AC336A6",
              "versionEndIncluding": "4.2.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23D9009-DF45-44C1-80DF-CEEC9B9E3F20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "43921601-667E-4415-83BE-E5B39D969BD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "75DD9C02-0C46-4785-8D77-C5465E4ED967",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A497BADE-0516-494F-89FA-EAFC6AD17F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4298439A-EAF2-4CAA-990B-4AA37E7A0E8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "30E9C822-C04A-4908-9596-76F9FB561206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "842963D1-C78C-48B5-A8D2-BC018854E5CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "121ED6C5-8985-4DEF-9040-2AC63582E596",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "68499DA4-64EF-412F-A434-8E0F78D77CE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "836C5AC9-463F-4703-81B9-7B5484F47A5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "FED14811-8F49-4796-BADD-DB7973EC32DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4EB2830-ADE5-4C87-964E-16748BF88EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C0284FD-2933-4160-80D2-53B32CD73287",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9AB963A-7284-433F-9890-5AE402E4E000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEDEFF7A-D964-4D9A-93BF-41E9D16EA793",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C434153-911C-4F07-ADD0-0EAB47F96E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8183B043-8B96-4A8B-A5C9-544D4F1CED8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE349AB-44CB-4263-80CE-59DFD572B363",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DB55DF6-567F-4B6A-81E1-9013914416D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "80727B0B-AB5E-46CC-9DDF-F319C2D9B242",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0755962-2D5F-41E6-9BDB-C2ECBCCD2818",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EBAADB5-FA32-4CF9-A4B2-51EEA300B0EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "A202FDAD-D757-4850-9D1E-C31B0F3BA718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6A345D7-DFC0-4E0D-AAAB-8206C35F63D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4069EF5-DC7D-4487-8636-AC2EAB17BAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "73DF3A5C-F1D9-468E-BD08-5E2578898DEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "0858AE44-4B0A-4941-B4A8-937B557D1448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "979C84FF-CB21-4819-B3CA-1A55FDF20BD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "94709B39-C394-4B44-A362-9429F4CB9D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E4526AC-6BCC-43A5-B501-263D0ED0655B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "E04FF6B4-CD1C-4AC1-B286-D6AB705D680B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FAFA0C8-1349-43A4-BDAC-3B5A601B9FDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BA130B1-DD20-4E98-963F-61E85A09E29E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AAC9B73-5020-47C9-803E-ABB6162AADE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2A6B7B5-3AC9-4442-BD91-3783C2B4235C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "D72F5C09-520B-486C-AD9A-9CBBFE6487CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "097DED37-D3F3-45C4-B131-1C4294406722",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "85A4F607-0A9D-4F84-B50D-28C54E6EDC06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C689CAF-632A-4FF2-8C86-541EEDD574E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B0ACF5B-BBA9-4B6C-B19D-B8AEF7212781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*",
              "matchCriteriaId": "E09C8254-73DC-4AFA-A250-A8192DC917F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "D344FA12-3C5F-418B-9209-EA8BDD230074",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1C3A62A-C6F6-4B2E-A254-CDA12BD34DBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*",
              "matchCriteriaId": "073A0AFF-C5C6-422E-BD63-2353AA4B58E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*",
              "matchCriteriaId": "59B5DA29-4139-405D-8AA8-23FAECBBC5CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F4D15D-6D2A-4730-B7CF-21284E92FEFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "79A0C6AB-813F-4417-A98E-33FBB7AAB939",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "815ABF0E-ED94-4426-8889-D3C2AECACC26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "894612F1-8C51-4F66-AFE7-D8077F63E562",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "63FD3D1E-08F8-4C7F-876C-47E88386B83E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C068E27-A3DD-4FD2-81FB-2CFEC3C047CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "E21A12E6-0802-4BDC-AF71-50D7D0433B87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7EE44A-7D8B-41A5-82A6-04AEE50278CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "6862529A-1AE5-4E2D-A4B0-E351D1900C64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C6B6711-0F75-4FEA-8917-04391FC9D378",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AC0249C-3CFC-4CD3-9481-9F6BE1FC5E31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BE639D9-0B1E-4DFB-B275-D11665FDA4AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "B35E9C41-0F2A-4790-B996-8EC00FA863F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "28BAB268-3A70-4422-9C6C-49E6453D750D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A5960F1-DDA9-4885-952F-450EC00B5C9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*",
              "matchCriteriaId": "E725D449-BBC2-40E3-BF53-D9BF7B4F57D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "B10975CB-56EB-44D0-BDEF-60484B6BD85E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EE56C0F-0AF4-45CF-ACA2-0E583BBB3187",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*",
              "matchCriteriaId": "16A4A1AC-ED08-4EFE-A826-1BB1B5CAB34E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF9D7AD6-6BDB-4519-B9F8-3181E21850FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*",
              "matchCriteriaId": "B061FF9A-0D00-429D-9B2F-14EEA41E7A33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6CB0260-2A96-41A8-81A0-8E9722B22D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE037065-9E33-4A5A-8188-1F086D7BE394",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "70200031-5902-416D-A140-DC2CDFDAF683",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "575C5F15-2C16-4B39-A718-1641DDD88F84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E7BFD7E-9B3F-4D63-BEBC-16F22DA6F8E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "42631437-772B-45E0-A1F3-5D9E2FC77D19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA9E62EF-E21F-421F-9A57-54A551CEC441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "871E046E-013A-4E10-9457-4D1F407519EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5E4B06F-AD55-4D61-B966-B38B854C0A75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*",
              "matchCriteriaId": "19817731-42C2-4745-88F2-D27258FC7DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "77479EEE-F81B-4653-8FAD-0AFBA3C71B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "0208619E-9179-46D9-8E47-6CB5B4046DF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FBAE2A2-B7CB-45F6-A84C-5B9B742A0B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CC16904-03FC-42B2-89F0-CA0D59A5FB91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E3980D1-54F1-4C2F-B140-B2F18D8958A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C845718-520A-42CB-9BA7-00723694A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAB7BF51-DD1A-41E1-B5E5-02A6BADC30DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*",
              "matchCriteriaId": "431DA557-0977-43C2-8DEF-127B1BAA9F46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*",
              "matchCriteriaId": "733C0A5D-3A0A-4449-9DE0-BD06D4942799",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9E5DAD5-465A-4A53-856A-1F674723EB00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D5900A25-FDD7-4900-BF7C-F3ECCB714D2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "58D3B6FD-B474-4B09-B644-A8634A629280",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F892F1B0-514C-42F7-90AE-12ACDFDC1033",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD4EEF7C-CC33-4494-8531-7C0CC28A8823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CBED083-B935-4C47-BBDA-F39D8EA277ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:novell:suse_openstack_cloud:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "74268F7D-058C-4E84-9D7E-3853A95918BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1EB0F28-F23A-4969-8A3E-66DA2EFA40C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*",
              "matchCriteriaId": "35BBD83D-BDC7-4678-BE94-639F59281139",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
              "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
              "matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C649194-B8C2-49F7-A819-C635EE584ABF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename."
    },
    {
      "lang": "es",
      "value": "El comando savconfig ntpq en NTP 4.1.2, 4.2.x en versiones anteriores a 4.2.8p6, 4.3, 4.3.25, 4.3.70 y 4.3.77 no filtra adecuadamente caracteres especiales, lo que permite a atacantes causar un impacto no especificado a trav\u00e9s de un nombre de archivo manipulado."
    }
  ],
  "id": "CVE-2015-7976",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-01-30T21:59:00.330",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/NtpBug2938"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1034782"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-3096-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bto.bluecoat.com/security-advisory/sa113"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201607-15"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/718152"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.ntp.org/bin/view/Main/NtpBug2938"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1034782"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-3096-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bto.bluecoat.com/security-advisory/sa113"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201607-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/718152"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-254"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2016-02629

Vulnerability from cnvd - Published: 2016-04-27

Title

NTP ntpq组件权限提升漏洞

Description

NTP（Network Time Protocol，网络时间协议）是一种以数据包交换把两台电脑的时钟同步化的网络协议。 NTP 4.2.8p5版本的ntpq组件中存在权限提升漏洞，远程攻击者可通过操纵‘filename’参数，利用该漏洞影响完整性。

Severity

中

Patch Name

NTP ntpq组件权限提升漏洞的补丁

Patch Description

NTP（Network Time Protocol，网络时间协议）是一种以数据包交换把两台电脑的时钟同步化的网络协议。 NTP 4.2.8p5版本的ntpq组件中存在权限提升漏洞，远程攻击者可通过操纵‘filename’参数，利用该漏洞影响完整性。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit

Reference

http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit

Impacted products

Name
Ntp Ntp 4.2.8p5

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-7976"
    }
  },
  "description": "NTP\uff08Network Time Protocol\uff0c\u7f51\u7edc\u65f6\u95f4\u534f\u8bae\uff09\u662f\u4e00\u79cd\u4ee5\u6570\u636e\u5305\u4ea4\u6362\u628a\u4e24\u53f0\u7535\u8111\u7684\u65f6\u949f\u540c\u6b65\u5316\u7684\u7f51\u7edc\u534f\u8bae\u3002\r\n\r\nNTP 4.2.8p5\u7248\u672c\u7684ntpq\u7ec4\u4ef6\u4e2d\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u64cd\u7eb5\u0026lsquo;filename\u0026rsquo;\u53c2\u6570\uff0c\u5229\u7528\u8be5\u6f0f\u6d1e\u5f71\u54cd\u5b8c\u6574\u6027\u3002",
  "discovererName": "unknown",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-02629",
  "openTime": "2016-04-27",
  "patchDescription": "NTP\uff08Network Time Protocol\uff0c\u7f51\u7edc\u65f6\u95f4\u534f\u8bae\uff09\u662f\u4e00\u79cd\u4ee5\u6570\u636e\u5305\u4ea4\u6362\u628a\u4e24\u53f0\u7535\u8111\u7684\u65f6\u949f\u540c\u6b65\u5316\u7684\u7f51\u7edc\u534f\u8bae\u3002\r\n\r\nNTP 4.2.8p5\u7248\u672c\u7684ntpq\u7ec4\u4ef6\u4e2d\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u64cd\u7eb5\u0026lsquo;filename\u0026rsquo;\u53c2\u6570\uff0c\u5229\u7528\u8be5\u6f0f\u6d1e\u5f71\u54cd\u5b8c\u6574\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "NTP ntpq\u7ec4\u4ef6\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Ntp Ntp 4.2.8p5"
  },
  "referenceLink": "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit",
  "serverity": "\u4e2d",
  "submitTime": "2016-04-22",
  "title": "NTP ntpq\u7ec4\u4ef6\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

GHSA-GH77-QWR7-PQM7

Vulnerability from github – Published: 2022-05-14 02:04 – Updated: 2025-04-20 03:32

Details

Severity ?

4.3 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-7976"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-01-30T21:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.",
  "id": "GHSA-gh77-qwr7-pqm7",
  "modified": "2025-04-20T03:32:01Z",
  "published": "2022-05-14T02:04:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7976"
    },
    {
      "type": "WEB",
      "url": "https://bto.bluecoat.com/security-advisory/sa113"
    },
    {
      "type": "WEB",
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201607-15"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20171031-0001"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/718152"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
    },
    {
      "type": "WEB",
      "url": "http://support.ntp.org/bin/view/Main/NtpBug2938"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1034782"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-3096-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-7976 (GCVE-0-2015-7976)

GSD-2015-7976

CERTFR-2016-AVI-045

Solution

FKIE_CVE-2015-7976

CNVD-2016-02629

GHSA-GH77-QWR7-PQM7

Tags

Sightings

Nomenclature