ID

VAR-200912-0769

CVE

CVE-2009-3563

TITLE

NTP mode 7 denial-of-service vulnerability

DESCRIPTION

ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. NTP contains a vulnerability in the handling of mode 7 requests, which can result in a denial-of-service condition. A novel traffic-loop vulnerability has been identified against certain implementations of UDP-based applications protocols. An unauthenticated attacker can use maliciously-crafted packets against a UDP-based vulnerable implementation of application protocols (e.g., DNS, NTP, TFTP) that can lead to Denial-of-Service (DOS) and/or abuse of resources.CVE-2009-3563 Unknown CVE-2024-1309 Unknown CVE-2024-2169 AffectedCVE-2009-3563 Unknown CVE-2024-1309 Unknown CVE-2024-2169 Affected. NTP is prone to a remote denial-of-service vulnerability because it fails to properly handle certain incoming network packets. An attacker can exploit this issue to cause the application to consume excessive CPU resources and fill disk space with log messages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2010-0009 Synopsis: ESXi ntp and ESX Service Console third party updates Issue date: 2010-05-27 Updated on: 2010-05-27 (initial release of advisory) CVE numbers: CVE-2009-2695 CVE-2009-2908 CVE-2009-3228 CVE-2009-3286 CVE-2009-3547 CVE-2009-3613 CVE-2009-3612 CVE-2009-3620 CVE-2009-3621 CVE-2009-3726 CVE-2007-4567 CVE-2009-4536 CVE-2009-4537 CVE-2009-4538 CVE-2006-6304 CVE-2009-2910 CVE-2009-3080 CVE-2009-3556 CVE-2009-3889 CVE-2009-3939 CVE-2009-4020 CVE-2009-4021 CVE-2009-4138 CVE-2009-4141 CVE-2009-4272 CVE-2009-3563 CVE-2009-4355 CVE-2009-2409 CVE-2009-0590 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2009-4212 CVE-2009-1384 CVE-2010-0097 CVE-2010-0290 CVE-2009-3736 CVE-2010-0001 CVE-2010-0426 CVE-2010-0427 CVE-2010-0382 - ------------------------------------------------------------------------ 1. Summary ESXi update for ntp and ESX Console OS (COS) updates for COS kernel, openssl, krb5, gcc, bind, gzip, sudo. 2. Relevant releases VMware ESX 4.0.0 without patches ESX400-201005401-SG, ESX400-201005406-SG, ESX400-201005408-SG, ESX400-201005407-SG, ESX400-201005405-SG, ESX400-201005409-SG 3. Problem Description a. Service Console update for COS kernel Updated COS package "kernel" addresses the security issues that are fixed through versions 2.6.18-164.11.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228, CVE-2009-3286, CVE-2009-3547, CVE-2009-3613 to the security issues fixed in kernel 2.6.18-164.6.1 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3612, CVE-2009-3620, CVE-2009-3621, CVE-2009-3726 to the security issues fixed in kernel 2.6.18-164.9.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-4567, CVE-2009-4536, CVE-2009-4537, CVE-2009-4538 to the security issues fixed in kernel 2.6.18-164.10.1 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2006-6304, CVE-2009-2910, CVE-2009-3080, CVE-2009-3556, CVE-2009-3889, CVE-2009-3939, CVE-2009-4020, CVE-2009-4021, CVE-2009-4138, CVE-2009-4141, and CVE-2009-4272 to the security issues fixed in kernel 2.6.18-164.11.1. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.0 ESX ESX400-201005401-SG ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable ESX 2.5.5 ESX not applicable vMA 4.0 RHEL5 affected, patch pending * hosted products are VMware Workstation, Player, ACE, Server, Fusion. b. ESXi userworld update for ntp The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-3563 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi 4.0 ESXi ESXi400-201005401-SG ESXi 3.5 ESXi affected, patch pending ESX any ESX not applicable vMA any RHEL5 not applicable * hosted products are VMware Workstation, Player, ACE, Server, Fusion. c. Service Console package openssl updated to 0.9.8e-12.el5_4.1 OpenSSL is a toolkit implementing SSL v2/v3 and TLS protocols with full-strength cryptography world-wide. A memory leak in the zlib could allow a remote attacker to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-4355 to this issue. A vulnerability was discovered which may allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-2409 to this issue. This update also includes security fixes that were first addressed in version openssl-0.9.8e-12.el5.i386.rpm. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2009-0590, CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386 and CVE-2009-1387 to these issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.0 ESX ESX400-201005401-SG ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable ESX 2.5.5 ESX not applicable vMA 4.0 RHEL5 affected, patch pending** * hosted products are VMware Workstation, Player, ACE, Server, Fusion. ** see VMSA-2010-0004 d. Service Console update for krb5 to 1.6.1-36.el5_4.1 and pam_krb5 to 2.2.14-15. Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Multiple integer underflows in the AES and RC4 functionality in the crypto library could allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-4212 to this issue. The service console package for pam_krb5 is updated to version pam_krb5-2.2.14-15. This update fixes a flaw found in pam_krb5. In some non-default configurations (specifically, where pam_krb5 would be the first module to prompt for a password), a remote attacker could use this flaw to recognize valid usernames, which would aid a dictionary-based password guess attack. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1384 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.0 ESX ESX400-201005406-SG ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX affected, patch pending ESX 2.5.5 ESX affected, patch pending vMA 4.0 RHEL5 affected, patch pending * hosted products are VMware Workstation, Player, ACE, Server, Fusion. e. Service Console package bind updated to 9.3.6-4.P1.el5_4.2 BIND (Berkeley Internet Name Daemon) is by far the most widely used Domain Name System (DNS) software on the Internet. A vulnerability was discovered which could allow remote attacker to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0097 to this issue. A vulnerability was discovered which could allow remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains CNAME or DNAME records, which do not have the intended validation before caching. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0290 to this issue. A vulnerability was found in the way that bind handles out-of- bailiwick data accompanying a secure response without re-fetching from the original source, which could allow remote attackers to have an unspecified impact via a crafted response. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0382 to this issue. NOTE: ESX does not use the BIND name service daemon by default. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.0 ESX ESX400-201005408-SG ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable ESX 2.5.5 ESX not applicable vMA 4.0 RHEL5 affected, patch pending * hosted products are VMware Workstation, Player, ACE, Server, Fusion. f. Service Console package gcc updated to 3.2.3-60 The GNU Compiler Collection includes front ends for C, C++, Objective-C, Fortran, Java, and Ada, as well as libraries for these languages GNU Libtool's ltdl.c attempts to open .la library files in the current working directory. This could allow a local user to gain privileges via a Trojan horse file. The GNU C Compiler collection (gcc) provided in ESX contains a statically linked version of the vulnerable code, and is being replaced. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-3736 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not applicable ESX 4.0 ESX ESX400-201005407-SG ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX affected, patch pending ESX 2.5.5 ESX affected, patch pending vMA 4.0 RHEL5 affected, patch pending * hosted products are VMware Workstation, Player, ACE, Server, Fusion. g. Service Console package gzip update to 1.3.3-15.rhel3 gzip is a software application used for file compression An integer underflow in gzip's unlzw function on 64-bit platforms may allow a remote attacker to trigger an array index error leading to a denial of service (application crash) or possibly execute arbitrary code via a crafted LZW compressed file. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0001 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.0 ESX ESX400-201005405-SG ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX affected, patch pending ESX 2.5.5 ESX affected, patch pending vMA 4.0 RHEL5 affected, patch pending * hosted products are VMware Workstation, Player, ACE, Server, Fusion. h. Service Console package sudo updated to 1.6.9p17-6.el5_4 Sudo (su "do") allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments. When a pseudo-command is enabled, sudo permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0426 to this issue. When the runas_default option is used, sudo does not properly set group memberships, which allows local users to gain privileges via a sudo command. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0427 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.0 ESX ESX400-201005409-SG ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable ESX 2.5.5 ESX not applicable vMA 4.0 RHEL5 affected, patch pending * hosted products are VMware Workstation, Player, ACE, Server, Fusion. 4. Solution Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file. ESX 4.0 ------- http://bit.ly/aqTCqn md5sum: ace37cd8d7c6388edcea2798ba8be939 sha1sum: 8fe7312fe74a435e824d879d4f1ff33df25cee78 http://kb.vmware.com/kb/1013127 Note ESX400-201005001 contains the following security bulletins ESX400-201005404-SG (ntp), ESX400-201005405-SG (gzip), ESX400-201005408-SG (bind), ESX400-201005401-SG (kernel, openssl), ESX400-201005406-SG (krb5, pam_krb5), ESX400-201005402-SG (JRE), ESX400-201005403-SG (expat), ESX400-201005409-SG (sudo), ESX400-201005407-SG (gcc). 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2695 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2908 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3228 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3547 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3613 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3612 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3620 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3621 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3726 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4536 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4537 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4538 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6304 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2910 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3080 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3556 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3889 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3939 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4020 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4021 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4138 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4141 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4272 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4355 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1379 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4212 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0290 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0001 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0426 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0427 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0382 - ------------------------------------------------------------------------ 6. Change log 2010-05-27 VMSA-2010-0009 Initial security advisory after release of patch 06 bulletins for ESX 4.0 on 2010-05-27 - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2010 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) iEYEARECAAYFAkv/V8IACgkQS2KysvBH1xnqNgCcCwwelsQK6DQjcTc2wnIPp0EW E70An2gfkiCQ5FNqvf3y+kNredxyVZwI =JW3s -----END PGP SIGNATURE----- . Corrected: 2010-01-06 21:45:30 UTC (RELENG_8, 8.0-STABLE) 2010-01-06 21:45:30 UTC (RELENG_8_0, 8.0-RELEASE-p2) 2010-01-06 21:45:30 UTC (RELENG_7, 7.2-STABLE) 2010-01-06 21:45:30 UTC (RELENG_7_2, 7.2-RELEASE-p6) 2010-01-06 21:45:30 UTC (RELENG_7_1, 7.1-RELEASE-p10) 2010-01-06 21:45:30 UTC (RELENG_6, 6.4-STABLE) 2010-01-06 21:45:30 UTC (RELENG_6_4, 6.4-RELEASE-p9) 2010-01-06 21:45:30 UTC (RELENG_6_3, 6.3-RELEASE-p15) CVE Name: CVE-2009-3563 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://security.FreeBSD.org/>. II. Problem Description If ntpd receives a mode 7 (MODE_PRIVATE) request or error response from a source address not listed in either a 'restrict ... noquery' or a 'restrict ... ignore' section it will log the even and send a mode 7 error response. III. IV. Workaround Proper filtering of mode 7 NTP packets by a firewall can limit the number of systems used to attack your resources. Solution Perform one of the following: 1) Upgrade your vulnerable system to 6-STABLE, 7-STABLE or 8-STABLE, or to the RELENG_8_0, RELENG_7_2, RELENG_7_1, RELENG_6_4, or RELENG_6_3 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 6.3, 6.4, 7.1, 7.2, and 8.0 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-10:02/ntpd.patch # fetch http://security.FreeBSD.org/patches/SA-10:02/ntpd.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch # cd /usr/src/usr.sbin/ntp/ntpd # make obj && make depend && make && make install # /etc/rc.d/ntpd restart VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. CVS: Branch Revision Path - ------------------------------------------------------------------------- RELENG_6 src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.8.2 RELENG_6_4 src/UPDATING 1.416.2.40.2.13 src/sys/conf/newvers.sh 1.69.2.18.2.15 src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.8.1.2.1 RELENG_6_3 src/UPDATING 1.416.2.37.2.20 src/sys/conf/newvers.sh 1.69.2.15.2.19 src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.20.1 RELENG_7 src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.18.2 RELENG_7_2 src/UPDATING 1.507.2.23.2.9 src/sys/conf/newvers.sh 1.72.2.11.2.10 src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.18.1.4.1 RELENG_7_1 src/UPDATING 1.507.2.13.2.13 src/sys/conf/newvers.sh 1.72.2.9.2.14 src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.18.1.2.1 RELENG_8 src/contrib/ntp/ntpd/ntp_request.c 1.2.2.1 RELENG_8_0 src/UPDATING 1.632.2.7.2.5 src/sys/conf/newvers.sh 1.83.2.6.2.5 src/contrib/ntp/ntpd/ntp_request.c 1.2.4.1 - ------------------------------------------------------------------------- Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/6/ r201679 releng/6.4/ r201679 releng/6.3/ r201679 stable/7/ r201679 releng/7.2/ r201679 releng/7.1/ r201679 stable/8/ r201679 releng/8.0/ r201679 head/ r200576 - ------------------------------------------------------------------------- VII. Release Date: 2013-03-27 Last Updated: 2013-05-14 Potential Security Impact: Remote Denial of Service (DoS), execution of arbitrary code Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely to create a Denial of Service (DoS) or execute arbitrary code. References: CVE-2009-3563, CVE-2009-0159 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.31 running XNTP version 3.5 without PHNE_41177. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2009-3563 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 CVE-2009-0159 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following upgrade and patch to resolve these vulnerabilities. The upgrade is available by downloading from software.hp.com -> HPUX 11i Software -> Internet ready and networking -> HP-UX Network Time Protocol version 4 or directly from https://h20392.www2.hp.com/portal/swdepot/displayP roductInfo.do?productNumber=HPUX-NTP Please review the Installation link at the bottom of the page. NOTE: Patch PHNE_42470 is a required patch, necessary for reliable system operation MANUAL ACTIONS: Yes - Update PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.31 ================== NTP.INETSVCS2-BOOT NTP.NTP-AUX NTP.NTP-RUN action: install revision C.4.2.6.0.0 or subsequent Networking.NET-PRG Networking.NET-RUN OS-Core.SYS-ADMIN ProgSupport.C-INC Networking.NET-RUN-64 Networking.NET2-KRN Networking.NET2-RUN Networking.NMS2-KRN OS-Core.CORE2-KRN OS-Core.SYS2-ADMIN Networking.NET-RUN-64 Networking.NET2-KRN Networking.NET2-RUN Networking.NMS2-KRN OS-Core.CORE2-KRN OS-Core.SYS2-ADMIN action: install patch PHNE_42470 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 27 March 2013 Initial release Version:2 (rev.2) - 8 April 2013 Corrected typo in References section Version:3 (rev.3) - 14 May 2013 Added required patch to Resolution section Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2013 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners

AFFECTED PRODUCTS