CVE-2013-5211 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:N/I:N/A:P
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Vendor	Product	Version
opensuse	opensuse	11.4
ntp	ntp	𝑥 < 4.2.7
ntp	ntp	4.2.7
ntp	ntp	4.2.7:p0
ntp	ntp	4.2.7:p1
ntp	ntp	4.2.7:p10
ntp	ntp	4.2.7:p11
ntp	ntp	4.2.7:p12
ntp	ntp	4.2.7:p13
ntp	ntp	4.2.7:p14
ntp	ntp	4.2.7:p15
ntp	ntp	4.2.7:p16
ntp	ntp	4.2.7:p17
ntp	ntp	4.2.7:p18
ntp	ntp	4.2.7:p19
ntp	ntp	4.2.7:p2
ntp	ntp	4.2.7:p20
ntp	ntp	4.2.7:p21
ntp	ntp	4.2.7:p22
ntp	ntp	4.2.7:p23
ntp	ntp	4.2.7:p24
ntp	ntp	4.2.7:p25
ntp	ntp	4.2.7:p3
ntp	ntp	4.2.7:p4
ntp	ntp	4.2.7:p5
ntp	ntp	4.2.7:p6
ntp	ntp	4.2.7:p7
ntp	ntp	4.2.7:p8
ntp	ntp	4.2.7:p9

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

ntp

bullseye	1:4.2.8p15+dfsg-1 fixed
jessie	no-dsa
wheezy	no-dsa
squeeze	no-dsa

Ubuntu Releases

Ubuntu Product

Codename

ntp

saucy	ignored
raring	ignored
quantal	ignored
precise	ignored
lucid	ignored

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc

http://bugs.ntp.org/show_bug.cgi?id=1532

http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04

http://lists.ntp.org/pipermail/pool/2011-December/005616.html

http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html

http://marc.info/?l=bugtraq&m=138971294629419&w=2

http://marc.info/?l=bugtraq&m=138971294629419&w=2

http://marc.info/?l=bugtraq&m=144182594518755&w=2

http://openwall.com/lists/oss-security/2013/12/30/6

http://openwall.com/lists/oss-security/2013/12/30/7

http://secunia.com/advisories/59288

http://secunia.com/advisories/59726

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892

http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz

http://www.kb.cert.org/vuls/id/348126

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

http://www.securityfocus.com/bid/64692

http://www.securitytracker.com/id/1030433

http://www.us-cert.gov/ncas/alerts/TA14-013A

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232

https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory

http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc

http://bugs.ntp.org/show_bug.cgi?id=1532

http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04

http://lists.ntp.org/pipermail/pool/2011-December/005616.html

http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html

http://marc.info/?l=bugtraq&m=138971294629419&w=2

http://marc.info/?l=bugtraq&m=138971294629419&w=2

http://marc.info/?l=bugtraq&m=144182594518755&w=2

http://openwall.com/lists/oss-security/2013/12/30/6

http://openwall.com/lists/oss-security/2013/12/30/7

http://secunia.com/advisories/59288

http://secunia.com/advisories/59726

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892

http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz

http://www.kb.cert.org/vuls/id/348126

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

http://www.securityfocus.com/bid/64692

http://www.securitytracker.com/id/1030433

http://www.us-cert.gov/ncas/alerts/TA14-013A

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232

https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory