Details of VAR-201604-0129

ID

VAR-201604-0129

CVE

CVE-2016-3961

TITLE

Xen and Linux Kernel Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-002112

DESCRIPTION

Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area. Xen is an open source virtual machine monitor product. Xen's PV virtual machine has a security vulnerability when enabling hugetlbfs support, allowing an attacker to exploit this vulnerability to trigger an infinite loop of error pages for a denial of service attack. Xen is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the kernel, resulting in a denial-of-service condition. ========================================================================== Ubuntu Security Notice USN-3001-1 June 10, 2016 linux-lts-vivid vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: Several security issues were fixed in the kernel. Software Description: - linux-lts-vivid: Linux hardware enablement kernel from Vivid for Trusty Details: Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117) Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583) Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004) Ralf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187) Hector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program. (CVE-2016-3672) Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951) It was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955) Vitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. (CVE-2016-3961) Kangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485) Kangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486) Jann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. (CVE-2016-4565) It was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash). (CVE-2016-4581) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: linux-image-3.19.0-61-generic 3.19.0-61.69~14.04.1 linux-image-3.19.0-61-generic-lpae 3.19.0-61.69~14.04.1 linux-image-3.19.0-61-lowlatency 3.19.0-61.69~14.04.1 linux-image-3.19.0-61-powerpc-e500mc 3.19.0-61.69~14.04.1 linux-image-3.19.0-61-powerpc-smp 3.19.0-61.69~14.04.1 linux-image-3.19.0-61-powerpc64-emb 3.19.0-61.69~14.04.1 linux-image-3.19.0-61-powerpc64-smp 3.19.0-61.69~14.04.1 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: http://www.ubuntu.com/usn/usn-3001-1 CVE-2015-4004, CVE-2016-1583, CVE-2016-2117, CVE-2016-2187, CVE-2016-3672, CVE-2016-3951, CVE-2016-3955, CVE-2016-3961, CVE-2016-4485, CVE-2016-4486, CVE-2016-4565, CVE-2016-4581 Package Information: https://launchpad.net/ubuntu/+source/linux-lts-vivid/3.19.0-61.69~14.04.1 . (CVE-2014-9904) Kirill A. References: http://www.ubuntu.com/usn/usn-3127-1 CVE-2014-9904, CVE-2015-3288, CVE-2016-3961, CVE-2016-7042 Package Information: https://launchpad.net/ubuntu/+source/linux/3.13.0-101.148 --w/VI3ydZO+RcZ3Ux -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJYJZIfAAoJEC8Jno0AXoH0insP/jaaUxVzufGQH9ssk/AaERQY mV60G8AmRGNR7bhU6yT3d1ia/NgsB5a0aZZ/mXBM0O5bwFo2958Vc8QPrZPqMFWh aC/xgP/ahn+CMJLpGdlUSDX75QVlOwAjszKVFo4DmFGiNbOMabW55ApdI1/fYnWP qr9Ag3eJH393HSquBMha+pRJBbQ+sr1KO/WjnTsuFJy5YqU2h/g3LypM+F5AHgbr gOXkWKpWJd+v1EP/uI+/MuoNigKfOs8r00Nbv8gNN8v/txGI/kSx2fCn4/aYQIwY 6WcOeONFsiriqYfSAZRPONWeCu5Huawc1y9Zs06ksy/vvZoNH/6dSvUyE5SI+T7m clMYC54ZEwkwmIu73bi+V8Ceodl+wtDl053Ekw8DGHrSj6I5O4BYH/kn1eRBDrdm AWe9KrchnfVTIOeb0H0S8Nb1XT4TcYFhY9JaQYCGQ2VKhGudKLJnwa0Hp1/uG8lr BWK4lp7FYIZztbsVR1vgcAwLmsb9D8PGm96qvrzunw3U2aQCtWU/QGMqwcMPgnVG hWE8o/l8GvZ5Ca5hj3tuMRT0pkzsN2jJbMQaJfNRbopoqopffpccdxOBCWvBuCDN T0bHGA+OO7o0OYms1nSPE/COopTBOyYRtYLVh3XIG93pGqK6XbZT8Ze9swmrktPj i+0yvWd0c7yq7dhf1if9 =07Pv -----END PGP SIGNATURE----- --w/VI3ydZO+RcZ3Ux--

Trust: 3.06

sources: NVD: CVE-2016-3961 // JVNDB: JVNDB-2016-002112 // CNVD: CNVD-2016-02390 // BID: 86068 // VULMON: CVE-2016-3961 // PACKETSTORM: 138261 // PACKETSTORM: 137419 // PACKETSTORM: 138270 // PACKETSTORM: 137416 // PACKETSTORM: 137417 // PACKETSTORM: 139678

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-02390

AFFECTED PRODUCTS

vendor:	xen	model:	xen	scope:	lte	version:	4.5.3	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	15.10	Trust: 1.0
vendor:	xen	model:	xen	scope:	lte	version:	4.5.x	Trust: 0.8
vendor:	xen	model:	pv	scope:	-	version:	-	Trust: 0.6
vendor:	xen	model:	xen	scope:	eq	version:	4.5.3	Trust: 0.6
vendor:	debian	model:	linux sparc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	6.0	Trust: 0.3

sources: CNVD: CNVD-2016-02390 // BID: 86068 // JVNDB: JVNDB-2016-002112 // CNNVD: CNNVD-201604-330 // NVD: CVE-2016-3961

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-3961
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-3961
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2016-02390
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201604-330
value:	LOW
Trust: 0.6
VULMON:	CVE-2016-3961
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2016-3961
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2016-02390
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2016-3961
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-02390 // VULMON: CVE-2016-3961 // JVNDB: JVNDB-2016-002112 // CNNVD: CNNVD-201604-330 // NVD: CVE-2016-3961

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2016-002112 // NVD: CVE-2016-3961

THREAT TYPE

local

Trust: 0.9

sources: PACKETSTORM: 138261 // PACKETSTORM: 138270 // PACKETSTORM: 139678 // CNNVD: CNNVD-201604-330

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201604-330

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002112

PATCH

title:	xsa174.patch	url:	http://xenbits.xen.org/xsa/xsa174.patch	Trust: 0.8
title:	XSA-174	url:	http://xenbits.xen.org/xsa/advisory-174.html	Trust: 0.8
title:	Patch for XenPV Virtual Machine Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/74420	Trust: 0.6
title:	Xen and Linux kernel Remediation measures for denial of service vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60973	Trust: 0.6
title:	Red Hat: CVE-2016-3961	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2016-3961	Trust: 0.1
title:	Ubuntu Security Notice: linux vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3127-1	Trust: 0.1
title:	Ubuntu Security Notice: linux-lts-trusty vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3127-2	Trust: 0.1
title:	Ubuntu Security Notice: linux-ti-omap4 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3050-1	Trust: 0.1
title:	Ubuntu Security Notice: linux vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3049-1	Trust: 0.1
title:	Brocade Security Advisories: BSA-2017-204	url:	https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories&qid=426d0c0eff7642baadbe130aeadad5b8	Trust: 0.1
title:	Ubuntu Security Notice: linux vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3006-1	Trust: 0.1
title:	Ubuntu Security Notice: linux-lts-xenial vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3005-1	Trust: 0.1
title:	Ubuntu Security Notice: linux-raspi2 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3007-1	Trust: 0.1
title:	Ubuntu Security Notice: linux vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3003-1	Trust: 0.1
title:	Ubuntu Security Notice: linux-lts-vivid vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3001-1	Trust: 0.1
title:	Ubuntu Security Notice: linux-lts-wily vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3002-1	Trust: 0.1
title:	Ubuntu Security Notice: linux-raspi2 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3004-1	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2016-703	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2016-703	Trust: 0.1
title:	Debian Security Advisories: DSA-3607-1 linux -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=130ea7817d6c997c442bd2ad39a2da75	Trust: 0.1

sources: CNVD: CNVD-2016-02390 // VULMON: CVE-2016-3961 // JVNDB: JVNDB-2016-002112 // CNNVD: CNNVD-201604-330

EXTERNAL IDS

db:	NVD	id:	CVE-2016-3961	Trust: 4.0
db:	SECTRACK	id:	1035569	Trust: 1.7
db:	BID	id:	86068	Trust: 1.4
db:	OPENWALL	id:	OSS-SECURITY/2016/04/14/2	Trust: 1.2
db:	JVNDB	id:	JVNDB-2016-002112	Trust: 0.8
db:	CNVD	id:	CNVD-2016-02390	Trust: 0.6
db:	CNNVD	id:	CNNVD-201604-330	Trust: 0.6
db:	VULMON	id:	CVE-2016-3961	Trust: 0.1
db:	PACKETSTORM	id:	138261	Trust: 0.1
db:	PACKETSTORM	id:	137419	Trust: 0.1
db:	PACKETSTORM	id:	138270	Trust: 0.1
db:	PACKETSTORM	id:	137416	Trust: 0.1
db:	PACKETSTORM	id:	137417	Trust: 0.1
db:	PACKETSTORM	id:	139678	Trust: 0.1

sources: CNVD: CNVD-2016-02390 // VULMON: CVE-2016-3961 // BID: 86068 // JVNDB: JVNDB-2016-002112 // PACKETSTORM: 138261 // PACKETSTORM: 137419 // PACKETSTORM: 138270 // PACKETSTORM: 137416 // PACKETSTORM: 137417 // PACKETSTORM: 139678 // CNNVD: CNNVD-201604-330 // NVD: CVE-2016-3961

REFERENCES

url:	http://www.securitytracker.com/id/1035569	Trust: 1.7
url:	http://xenbits.xen.org/xsa/advisory-174.html	Trust: 1.7
url:	http://xenbits.xen.org/xsa/xsa174.patch	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2016/04/14/2	Trust: 1.2
url:	http://www.ubuntu.com/usn/usn-3001-1	Trust: 1.2
url:	http://www.ubuntu.com/usn/usn-3002-1	Trust: 1.2
url:	http://www.ubuntu.com/usn/usn-3004-1	Trust: 1.2
url:	http://www.ubuntu.com/usn/usn-3049-1	Trust: 1.2
url:	http://www.ubuntu.com/usn/usn-3050-1	Trust: 1.2
url:	http://www.debian.org/security/2016/dsa-3607	Trust: 1.1
url:	http://www.securityfocus.com/bid/86068	Trust: 1.1
url:	http://www.ubuntu.com/usn/usn-3003-1	Trust: 1.1
url:	http://www.ubuntu.com/usn/usn-3005-1	Trust: 1.1
url:	http://www.ubuntu.com/usn/usn-3006-1	Trust: 1.1
url:	http://www.ubuntu.com/usn/usn-3007-1	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3961	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3961	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3961	Trust: 0.6
url:	http://www.xen.org/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3955	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2117	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4486	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4565	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4581	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3672	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4004	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4485	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1583	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2187	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3951	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3134	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4470	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5243	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://www.rapid7.com/db/vulnerabilities/amazon_linux-cve-2016-3961	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-3961	Trust: 0.1
url:	https://usn.ubuntu.com/3127-1/	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux/3.2.0-107.148	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-raspi2/4.2.0-1031.41	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-ti-omap4/3.2.0-1485.112	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-lts-vivid/3.19.0-61.69~14.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-lts-wily/4.2.0-38.45~14.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux/3.13.0-101.148	Trust: 0.1
url:	http://www.ubuntu.com/usn/usn-3127-1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7042	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-9904	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3288	Trust: 0.1

CREDITS

Ubuntu

Trust: 0.6

sources: PACKETSTORM: 138261 // PACKETSTORM: 137419 // PACKETSTORM: 138270 // PACKETSTORM: 137416 // PACKETSTORM: 137417 // PACKETSTORM: 139678

SOURCES

db:	CNVD	id:	CNVD-2016-02390
db:	VULMON	id:	CVE-2016-3961
db:	BID	id:	86068
db:	JVNDB	id:	JVNDB-2016-002112
db:	PACKETSTORM	id:	138261
db:	PACKETSTORM	id:	137419
db:	PACKETSTORM	id:	138270
db:	PACKETSTORM	id:	137416
db:	PACKETSTORM	id:	137417
db:	PACKETSTORM	id:	139678
db:	CNNVD	id:	CNNVD-201604-330
db:	NVD	id:	CVE-2016-3961

LAST UPDATE DATE

2025-05-04T22:09:30.540000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-02390	date:	2016-04-20T00:00:00
db:	VULMON	id:	CVE-2016-3961	date:	2016-11-28T00:00:00
db:	BID	id:	86068	date:	2016-07-05T22:42:00
db:	JVNDB	id:	JVNDB-2016-002112	date:	2016-04-20T00:00:00
db:	CNNVD	id:	CNNVD-201604-330	date:	2016-04-18T00:00:00
db:	NVD	id:	CVE-2016-3961	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-02390	date:	2016-04-20T00:00:00
db:	VULMON	id:	CVE-2016-3961	date:	2016-04-15T00:00:00
db:	BID	id:	86068	date:	2016-04-14T00:00:00
db:	JVNDB	id:	JVNDB-2016-002112	date:	2016-04-20T00:00:00
db:	PACKETSTORM	id:	138261	date:	2016-08-10T15:28:34
db:	PACKETSTORM	id:	137419	date:	2016-06-10T06:06:00
db:	PACKETSTORM	id:	138270	date:	2016-08-10T15:31:42
db:	PACKETSTORM	id:	137416	date:	2016-06-10T06:03:00
db:	PACKETSTORM	id:	137417	date:	2016-06-10T06:04:00
db:	PACKETSTORM	id:	139678	date:	2016-11-11T14:30:23
db:	CNNVD	id:	CNNVD-201604-330	date:	2016-04-15T00:00:00
db:	NVD	id:	CVE-2016-3961	date:	2016-04-15T14:59:14.050