VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-201412-0110 CVE-2014-9418 Huawei eSpace Desktop of eSpace Meeting ActiveX Service disruption in control (DoS) Vulnerabilities

Related entries in the VARIoT exploits database: VAR-E-201905-0120
CVSS V2: 2.1
CVSS V3: -
Severity: LOW
The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified vectors. Huawei eSpace Desktop is a unified communications PC client developed by Huawei. A local attacker can exploit this issue to crash the application (typically Internet Explorer), denying service to legitimate users. It provides instant messaging, status presentation, personal address book, VoIP call, video call, file transfer, voice conference, Business applications such as data conferencing
VAR-201412-0286 CVE-2014-7993 plural Cisco-Meraki Vulnerability of obtaining important authentication information in device firmware CVSS V2: 3.3
CVSS V3: -
Severity: LOW
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to obtain sensitive credential information by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00302012. Cisco Meraki MS MRMX is Cisco's cloud management wireless networking device. Meraki Ms Firmware is prone to a remote security vulnerability. A security vulnerability exists in several Cisco-Meraki devices due to HTTP handlers not properly validating requests. The following products and versions are affected: Cisco-Meraki MS, MR and MX with firmware versions prior to 2014-09-24
VAR-201412-0287 CVE-2014-7994 plural Cisco-Meraki Vulnerability to execute arbitrary commands in device firmware CVSS V2: 5.4
CVSS V3: -
Severity: MEDIUM
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and sending a request to an unspecified HTTP handler on the local network, aka Cisco-Meraki defect ID 00301991. Cisco-Meraki MS , MR ,and MX The device firmware contains a vulnerability that allows arbitrary commands to be executed. Vendors have confirmed this vulnerability Cisco-Meraki defect ID 00301991 It is released as.A third party uses cross-device and device-specific secret information to identify unspecified local networks. HTTP An arbitrary command may be executed by sending a request to the handler. Cisco Meraki MS MRMX is Cisco's cloud management wireless networking device. Meraki Mx is prone to a remote security vulnerability. A security vulnerability exists in several Cisco-Meraki devices due to HTTP handlers not properly validating requests
VAR-201412-0288 CVE-2014-7995 plural Cisco-Meraki Vulnerability in shell access in device firmware CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow physically proximate attackers to obtain shell access by opening a device's case and connecting a cable to a serial port, aka Cisco-Meraki defect ID 00302077. Cisco-Meraki MS MRMX is Cisco's cloud management wireless networking device. Meraki Mx is prone to a local security vulnerability. Cisco-Meraki MS, MR and MX are all cloud-managed wireless network devices of Cisco (Cisco)
VAR-201412-0289 CVE-2014-7999 plural Cisco-Meraki Vulnerability to install arbitrary firmware in device firmware CVSS V2: 7.7
CVSS V3: -
Severity: HIGH
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00478565. Cisco-Meraki MS MRMX is Cisco's cloud management wireless networking device. Meraki Mx is prone to a remote security vulnerability. Cisco-Meraki MS, MR and MX are all cloud-managed wireless network devices of Cisco (Cisco)
VAR-201501-0655 CVE-2014-9518 D-Link Router DIR-655 Of firmware login.cgi Vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in login.cgi in D-Link router DIR-655 (rev Bx) with firmware before 2.12b01 allows remote attackers to inject arbitrary web script or HTML via the html_response_page parameter. DIR-655 is the world's first wireless router wireless switch timer certified by Windows Vista. D-Link DIR-655 has an information disclosure vulnerability that allows an attacker to entice an unknown victim to follow a malicious URI. D-Link DIR-655 is prone to cross-site scripting, security-bypass, and information-disclosure vulnerabilities. Attackers can exploit these issues to execute arbitrary script code in the context of the website, steal cookie-based authentication information, disclose sensitive information, or bypass the authentication mechanism and gain unauthorized access. A cross-site scripting vulnerability exists in the login.cgi file of D-Link router DIR-655 with firmware version earlier than 2.12b01
VAR-201412-0306 CVE-2014-8024 Cisco Jabber Guest Server API Vulnerability in which important information is obtained CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
The API in the Guest Server in Cisco Jabber, when the HTML5 CORS feature is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST request, aka Bug ID CSCus19789. Cisco Jabber Guest is prone to multiple information-disclosure vulnerabilities. An attacker can exploit these issues to gain access to sensitive information that may lead to further attacks. This issue is being tracked by Cisco Bug ID CSCus19789. Cisco Jabber is a cross-device collaboration system developed by Cisco. The system provides functions such as voice, video, desktop sharing and conferencing
VAR-201412-0307 CVE-2014-8025 Cisco Jabber Guest Server API Vulnerability in which important information is obtained CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
The API in the Guest Server in Cisco Jabber, when HTML5 is used, allows remote attackers to obtain sensitive information by sniffing the network during an HTTP (1) GET or (2) POST response, aka Bug ID CSCus19801. Cisco Jabber Guest is prone to multiple information-disclosure vulnerabilities. An attacker can exploit these issues to gain access to sensitive information that may lead to further attacks. This issue is being tracked by Cisco Bug ID CSCus19801. Cisco Jabber is a cross-device collaboration system developed by Cisco. The system provides functions such as voice, video, desktop sharing and conferencing
VAR-201412-0308 CVE-2014-8026 Cisco Jabber Guest Server Cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in the Guest Server in Cisco Jabber allows remote attackers to inject arbitrary web script or HTML via a (1) GET or (2) POST parameter, aka Bug ID CSCus08074. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. These issues are being tracked by Cisco Bug ID CSCus08074. Cisco Jabber is a cross-device collaboration system developed by Cisco. The system provides functions such as voice, video, desktop sharing and conferencing
VAR-201412-0301 CVE-2014-8015 Cisco Identity Services Engine of Sponsor Portal Vulnerable to gaining access to any sponsor guest account CVSS V2: 4.0
CVSS V3: -
Severity: MEDIUM
The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor's guest account via a modified HTTP request, aka Bug ID CSCur64400. A remote attacker can exploit this issue to gain elevated privileges on an affected device. This issue is being tracked by Cisco Bug ID CSCur64400. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies
VAR-201412-0303 CVE-2014-8017 Cisco Identity Services Engine of periodic-backup In function backup-encryption Password acquisition vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a reply, aka Bug ID CSCur41673. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. This issue being tracked by Cisco Bug ID CSCur41673. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies
VAR-201412-0304 CVE-2014-8018 Cisco Unified Communications Domain Manager Application software Business Voice Services Manager Page cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Business Voice Services Manager (BVSM) pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCur19651, CSCur18555, CSCur19630, and CSCur19661. Vendors have confirmed this vulnerability Bug ID CSCur19651 , CSCur18555 , CSCur19630 ,and CSCur19661 It is released as.Skillfully crafted by a third party URL Through any Web Script or HTML May be inserted. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. These issues are being tracked by Cisco Bug IDs CSCur19651, CSCur18555, CSCur19630 and CSCur19661. This component features scalable, distributed, and highly available enterprise Voice over IP call processing
VAR-201904-0506 CVE-2014-9186 Honeywell Experion PKS File contains vulnerabilities CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. Honeywell Experion PKS Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Honeywell EPKS is used in the automation and control of industrial and production processes and is a distributed control system solution, including a web-based SCADA system. The Honeywell Experion PKS presence file contains a vulnerability because it fails to adequately filter the input provided by the user. An attacker could exploit this vulnerability to obtain sensitive information or execute arbitrary script code in the context of a web server process. The following versions are affected: Honeywell Experion R40x versions prior to Experion PKS R400.6 Honeywell Experion R41x versions prior to Experion PKS R410.6 Honeywell Experion R43x versions prior to Experion PKS R430.2. An attacker could exploit the vulnerability via a file inclusion attack by submitting a crafted function to the affected software. Honeywell has confirmed the vulnerability and released updated software
VAR-201412-0054 CVE-2014-3410 Cisco Adaptive Security Appliance Software syslog-management Vulnerability of obtaining administrator password in subsystem CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
The syslog-management subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain an administrator password by waiting for an administrator to copy a file, and then (1) sniffing the network for a syslog message or (2) reading a syslog message in a file on a syslog server, aka Bug IDs CSCuq22357 and CSCur41860. An attacker can exploit this issue to gain access to passwords that may aid in further attacks. This issue is being tracked by Cisco Bug IDs CSCuq22357 and CSCur41860
VAR-201412-0292 CVE-2014-8007 Cisco Prime Infrastructure In device-discovery Password read vulnerability CVSS V2: 4.0
CVSS V3: -
Severity: MEDIUM
Cisco Prime Infrastructure allows remote authenticated users to read device-discovery passwords by examining the HTML source code of the Quick Discovery options page, aka Bug ID CSCum00019. Cisco Prime Infrastructure Is device-discovery A vulnerability that allows passwords to be read exists. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. This issue being tracked by Cisco Bug ID CSCum00019
VAR-201412-0302 CVE-2014-8016 Cisco IronPort Email Security Appliance Service disruption in (DoS) Vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The Cisco IronPort Email Security Appliance (ESA) allows remote attackers to cause a denial of service (CPU consumption) via long Subject headers in e-mail messages, aka Bug ID CSCzv93864. Successful exploitation of the issue will cause excessive CPU consumption, resulting in a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCzv93864. The appliance offers spam protection, email encryption, data loss prevention, and more
VAR-201412-0305 CVE-2014-8019 Cisco Enterprise Content Delivery System Vulnerable to directory traversal CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Directory traversal vulnerability in Cisco Enterprise Content Delivery System (ECDS) allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCuo90148. An attacker can exploit this issue to access arbitrary files in the context of the web server process, which may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCuo90148. The system consists of a variety of video transmission products, hardware devices and Cisco Wide Area Application Services (WAAS) virtual blade software, which can help enterprises transmit real-time video content through streaming or multicast, and support setup, configuration, maintenance and monitoring of video
VAR-201412-0613 CVE-2014-9295 NTP Project Network Time Protocol daemon (ntpd) contains multiple vulnerabilities (Updated) CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function. The NTP Project ntpd version 4.2.7 and pervious versions contain several vulnerabilities. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys. These vulnerabilities may affect ntpd acting as a server or client. Network Time Protocol is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successful exploits may allow an attacker to execute arbitrary code with the privileges of the ntpd process. Failed attempts will likely cause a denial-of-service condition. Network Time Protocol 4.2.7 and prior are vulnerable. See the RESOLUTION section for a list of impacted hardware and Comware 5, Comware 5 Low Encryption SW, Comware 7, and VCX versions. Family Fixed Version HP Branded Products Impacted H3C Branded Products Impacted CVE # 8800 (Comware 5) R3627P04 JC137A HP 8805/8808/8812 (2E) Main Control Unit Module, JC138A HP 8805/8808/8812 (1E) Main Control Unit Module, JC141A HP 8802 Main Control Unit Module, JC147A HP 8802 Router Chassis, JC147B HP 8802 Router Chassis, JC148A HP 8805 Router Chassis, JC148B HP 8805 Router Chassis, JC149A HP 8808 Router Chassis, JC149B HP 8808 Router Chassis, JC150A HP 8812 Router Chassis, JC150B HP 8812 Router Chassis, JC596A HP 8800 Dual Fabric Main Processing Unit, JC597A HP 8800 Single Fabric Main Processing Unit CVE-2014-9295 A6600 (Comware 5) R3303P18 JC165A HP 6600 RPE-X1 Router Module, JC177A HP 6608 Router, JC177B HP 6608 Router Chassis, JC178A HP 6604 Router Chassis, JC178B HP 6604 Router Chassis, JC496A HP 6616 Router Chassis, JC566A HP 6600 RSE-X1 Router Main Processing Unit, JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit, JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit CVE-2014-9295 HSR6602 (Comware 5) R3303P18 JC176A HP 6602 Router Chassis, JG353A HP HSR6602-G Router, JG354A HP HSR6602-XG Router, JG355A HP 6600 MCP-X1 Router Main Processing Unit, JG356A HP 6600 MCP-X2 Router Main Processing Unit, JG776A HP HSR6602-G TAA-compliant Router, JG777A HP HSR6602-XG TAA-compliant Router, JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit CVE-2014-9295 HSR6800 (Comware 5) R3303P18 JG361A HP HSR6802 Router Chassis, JG362A HP HSR6804 Router Chassis, JG363A HP HSR6808 Router Chassis, JG364A HP HSR6800 RSE-X2 Router Main Processing Unit, JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit CVE-2014-9295 MSR20 (Comware 5) R2513P45 JD432A HP A-MSR20-21 Router, JD662A HP MSR20-20 Router, JD663A HP A-MSR20-21 Router, JD663B HP MSR20-21 Router, JD664A HP MSR20-40 Router, JF228A HP MSR20-40 Router, JF283A HP MSR20-20 Router CVE-2014-9295 MSR20-1X (Comware 5) R2513P45 JD431A HP MSR20-10 Router, JD667A HP MSR20-15 IW Multi-Service Router, JD668A HP MSR20-13 Multi-Service Router, JD669A HP MSR20-13 W Multi-Service Router, JD670A HP MSR20-15 A Multi-Service Router, JD671A HP MSR20-15 AW Multi-Service Router, JD672A HP MSR20-15 I Multi-Service Router, JD673A HP MSR20-11 Multi-Service Router, JD674A HP MSR20-12 Multi-Service Router, JD675A HP MSR20-12 W Multi-Service Router, JD676A HP MSR20-12 T1 Multi-Service Router, JF236A HP MSR20-15-I Router, JF237A HP MSR20-15-A Router, JF238A HP MSR20-15-I-W Router, JF239A HP MSR20-11 Router, JF240A HP MSR20-13 Router, JF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router, JF807A HP MSR20-12-W Router, JF808A HP MSR20-13-W Router, JF809A HP MSR20-15-A-W Router, JF817A HP MSR20-15 Router, JG209A HP MSR20-12-T-W Router (NA), JG210A HP MSR20-13-W Router (NA) H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1, H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393), H3C RT-MSR2015-AC-OVS-I-H3 (0235A394), H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V), H3C MSR 20-11 (0235A31V), H3C MSR 20-12 (0235A32E), H3C MSR 20-12 T1 (0235A32B), H3C MSR 20-13 (0235A31W), H3C MSR 20-13 W (0235A31X), H3C MSR 20-15 A (0235A31Q), H3C MSR 20-15 A W (0235A31R), H3C MSR 20-15 I (0235A31N), H3C MSR 20-15 IW (0235A31P), H3C MSR20-12 W (0235A32G) CVE-2014-9295 MSR 30 (Comware 5) R2513P45 JD654A HP MSR30-60 POE Multi-Service Router, JD657A HP MSR30-40 Multi-Service Router, JD658A HP MSR30-60 Multi-Service Router, JD660A HP MSR30-20 POE Multi-Service Router, JD661A HP MSR30-40 POE Multi-Service Router, JD666A HP MSR30-20 Multi-Service Router, JF229A HP MSR30-40 Router, JF230A HP MSR30-60 Router, JF232A HP RTMSR3040-AC-OVSAS-H3, JF235A HP MSR30-20 DC Router, JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC Router, JF801A HP MSR30-60 DC Router, JF802A HP MSR30-20 PoE Router, JF803A HP MSR30-40 PoE Router, JF804A HP MSR30-60 PoE Router H3C MSR 30-20 Router (0235A328), H3C MSR 30-40 Router Host(DC) (0235A268), H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322), H3C RT-MSR3020-DC-OVS-H3 (0235A267), H3C RT-MSR3040-AC-OVS-H (0235A299), H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323), H3C RT-MSR3060-AC-OVS-H3 (0235A320), H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296), H3C RT-MSR3060-DC-OVS-H3 (0235A269), H3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S), H3C MSR 30-20 (0235A19L), H3C MSR 30-20 POE (0235A239), H3C MSR 30-40 (0235A20J), H3C MSR 30-40 POE (0235A25R), H3C MSR 30-60 (0235A20K), H3C MSR 30-60 POE (0235A25S), H3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V) CVE-2014-9295 MSR 30-16 (Comware 5) R2513P45 JD659A HP MSR30-16 POE Multi-Service Router, JD665A HP MSR30-16 Multi-Service Router, JF233A HP MSR30-16 Router, JF234A HP MSR30-16 PoE Router, H3C RT-MSR3016-AC-OVS-H3 (0235A327), H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321), H3C MSR 30-16 (0235A237), H3C MSR 30-16 POE (0235A238) CVE-2014-9295 MSR 30-1X (Comware 5) R2513P45 JF800A HP MSR30-11 Router, JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr, JG182A HP MSR30-11E Router, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC Router 2FE 2SIC 1XMIM 256DDR (0235A39H), H3C RT-MSR3011-AC-OVS-H3 (0235A29L) CVE-2014-9295 MSR 50 (Comware 5) R2513P45 JD433A HP MSR50-40 Router, JD653A HP MSR50 Processor Module, JD655A HP MSR50-40 Multi-Service Router, JD656A HP MSR50-60 Multi-Service Router, JF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297), H3C MSR5040-DCOVS-H3C (0235A20P), H3C RT-MSR5060-AC-OVS-H3 (0235A298), H3C MSR 50-40 Chassis (0235A20N), H3C MSR 50-60 Chassis (0235A20L) CVE-2014-9295 MSR 50-G2 (Comware 5) R2513P45 JD429A HP MSR50 G2 Processor Module, JD429B HP MSR50 G2 Processor Module H3C H3C MSR 50 Processor Module-G2 (0231A84Q), H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD (0231A0KL) CVE-2014-9295 MSR 9XX (Comware 5) R2513P45 JF812A HP MSR900 Router, JF813A HP MSR920 Router, JF814A HP MSR900-W Router, JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr, JG207A HP MSR900-W Router (NA), JG208A HP MSR920-W Router (NA) H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b (0235A0C2), H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX), H3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4), H3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0) CVE-2014-9295 MSR 93X (Comware 5) R2513P45 JG512A HP MSR930 Wireless Router, JG513A HP MSR930 3G Router, JG514A HP MSR931 Router, JG515A HP MSR931 3G Router, JG516A HP MSR933 Router, JG517A HP MSR933 3G Router, JG518A HP MSR935 Router, JG519A HP MSR935 Wireless Router, JG520A HP MSR935 3G Router, JG531A HP MSR931 Dual 3G Router, JG596A HP MSR930 4G LTE/3G CDMA Router, JG597A HP MSR936 Wireless Router, JG665A HP MSR930 4G LTE/3G WCDMA Global Router, JG704A HP MSR930 4G LTE/3G WCDMA ATT Router N/A CVE-2014-9295 MSR1000 (Comware 5) R2513P45 JG732A HP MSR1003-8 AC Router N/A CVE-2014-9295 MSR20 (Comware 5 - Low Encryption SW) R2513L61 JD663B HP MSR20-21 Router, JF228A HP MSR20-40 Router, JF283A HP MSR20-20 Router H3C RT-MSR2020-AC-OVS-H3C (0235A324), H3C RT-MSR2040-AC-OVS-H3 (0235A326) CVE-2014-9295 MSR20-1X (Comware 5 - Low Encryption SW) R2513L61 JD431A HP MSR20-10 Router, JF236A HP MSR20-15-I Router, JF237A HP MSR20-15-A Router, JF238A HP MSR20-15-I-W Router, JF239A HP MSR20-11 Router, JF240A HP MSR20-13 Router, JF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router, JF807A HP MSR20-12-W Router, JF808A HP MSR20-13-W Router, JF809A HP MSR20-15-A-W Router, JF817A HP MSR20-15 Router H3C MSR 20-10 (0235A0A7), H3C RT-MSR2015-AC-OVS-I-H3 (0235A394), H3C RT-MSR2015-AC-OVS-A-H3 (0235A392), H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393), H3C RT-MSR2011-AC-OVS-H3 (0235A395), H3C RT-MSR2013-AC-OVS-H3 (0235A390), H3C RT-MSR2012-AC-OVS-H3 (0235A396), H3C RT-MSR2012-TAC-OVS-H3 (0235A398), H3C RT-MSR2012-AC-OVS-W-H3 (0235A397), H3C RT-MSR2013-AC-OVS-W-H3 (0235A391), H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V), H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8) CVE-2014-9295 MSR30 (Comware 5 - Low Encryption SW) R2513L61 JF229A HP MSR30-40 Router, JF230A HP MSR30-60 Router, JF235A HP MSR30-20 DC Router, JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC Router, JF801A HP MSR30-60 DC Router, JF802A HP MSR30-20 PoE Router, JF803A HP MSR30-40 PoE Router, JF804A HP MSR30-60 PoE Router H3C RT-MSR3040-AC-OVS-H (0235A299), H3C RT-MSR3060-AC-OVS-H3 (0235A320), H3C RT-MSR3020-DC-OVS-H3 (0235A267), H3C MSR 30-20 Router (0235A328), H3C MSR 30-40 Router Host(DC) (0235A268), H3C RT-MSR3060-DC-OVS-H3 (0235A269), H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322), H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323), H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296) CVE-2014-9295 MSR30-16 (Comware 5 - Low Encryption SW) R2513L61 JF233A HP MSR30-16 Router, JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327), H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321) CVE-2014-9295 MSR30-1X (Comware 5 - Low Encryption SW) R2513L61 JF800A HP MSR30-11 Router, JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr, JG182A HP MSR30-11E Router, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC Router H3C RT-MSR3011-AC-OVS-H3 (0235A29L), H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H) CVE-2014-9295 MSR50 (Comware 5 - Low Encryption SW) R2513L61 JD433A HP MSR50-40 Router, JD653A HP MSR50Processor Module, JD655A HP MSR50-40 Multi-Service Router, JD656A HP MSR50-60 Multi-Service Router, JF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297), H3C MSR 50 Processor Module (0231A791), H3C MSR 50-40 Chassis (0235A20N), H3C MSR 50-60 Chassis (0235A20L), H3C RT-MSR5060-AC-OVS-H3 (0235A298), H3C MSR5040-DCOVS-H3C (0235A20P) CVE-2014-9295 MSR50 G2 (Comware 5 - Low Encryption SW) R2513L61 JD429B HP MSR50 G2 Processor Module H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD (0231A0KL) CVE-2014-9295 12500 (Comware 5) R1828P06 JC085A HP A12518 Switch Chassis, JC086A HP A12508 Switch Chassis, JC652A HP 12508 DC Switch Chassis, JC653A HP 12518 DC Switch Chassis, JC654A HP 12504 AC Switch Chassis, JC655A HP 12504 DC Switch Chassis, JF430A HP A12518 Switch Chassis, JF430B HP 12518 Switch Chassis, JF430C HP 12518 AC Switch Chassis, JF431A HP A12508 Switch Chassis, JF431B HP 12508 Switch Chassis, JF431C HP 12508 AC Switch Chassis, JC072B HP 12500 Main Processing Unit, JC808A HP 12500 TAA Main Processing Unit H3C S12508 Routing Switch (AC-1) (0235A0GE), H3C S12518 Routing Switch (AC-1) (0235A0GF), H3C S12508 Chassis (0235A0E6), H3C S12508 Chassis (0235A38N), H3C S12518 Chassis (0235A0E7), H3C S12518 Chassis (0235A38M), H3C 12508 DC Switch Chassis (0235A38L), H3C 12518 DC Switch Chassis (0235A38K) CVE-2014-9295 9500E (Comware 5) R1828P06 JC124A HP A9508 Switch Chassis, JC124B HP 9505 Switch Chassis, JC125A HP A9512 Switch Chassis, JC125B HP 9512 Switch Chassis, JC474A HP A9508-V Switch Chassis, JC474B HP 9508-V Switch Chassis H3C S9505E Routing-Switch Chassis (0235A0G6), H3C S9512E Routing-Switch Chassis (0235A0G7), H3C S9508E-V Routing-Switch Chassis (0235A38Q), H3C S9505E Chassis w/ Fans (0235A38P), H3C S9512E Chassis w/ Fans (0235A38R) CVE-2014-9295 10500 (Comware 5) R1208P10 JC611A HP 10508-V Switch Chassis, JC612A HP 10508 Switch Chassis, JC613A HP 10504 Switch Chassis, JC614A HP 10500 Main Processing Unit, JC748A HP 10512 Switch Chassis, JG375A HP 10500 TAA-compliant Main Processing Unit, JG820A HP 10504 TAA-compliant Switch Chassis, JG821A HP 10508 TAA-compliant Switch Chassis, JG822A HP 10508-V TAA-compliant Switch Chassis, JG823A HP 10512 TAA-compliant Switch Chassis CVE-2014-9295 7500 (Comware 5) R6708P10 JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port GbE Combo, JC697A HP 7502 TAA-compliant Main Processing Unit, JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports, JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports, JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit, JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit, JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports, JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports, JD194A HP 7500 384Gbps Fabric Module, JD194B HP 7500 384Gbps Fabric Module, JD195A HP 7500 384Gbps Advanced Fabric Module, JD196A HP 7502 Fabric Module, JD220A HP 7500 768Gbps Fabric Module, JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports, JD238A HP 7510 Switch Chassis, JD238B HP 7510 Switch Chassis, JD239A HP 7506 Switch Chassis, JD239B HP 7506 Switch Chassis, JD240A HP 7503 Switch Chassis, JD240B HP 7503 Switch Chassis, JD241A HP 7506-V Switch Chassis, JD241B HP 7506-V Switch Chassis, JD242A HP 7502 Switch Chassis, JD242B HP 7502 Switch Chassis, JD243A HP 7503-S Switch Chassis with 1 Fabric Slot, JD243B HP 7503-S Switch Chassis with 1 Fabric Slot, JE164A HP E7902 Switch Chassis, JE165A HP E7903 Switch Chassis, JE166A HP E7903 1 Fabric Slot Switch Chassis, JE167A HP E7906 Switch Chassis, JE168A HP E7906 Vertical Switch Chassis, JE169A HP E7910 Switch Chassis CVE-2014-9295 5830 (Comware 5) R1118P11 JC691A HP 5830AF-48G Switch with 1 Interface Slot, JC694A HP 5830AF-96G Switch, JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot, JG374A HP 5830AF-96G TAA-compliant Switch CVE-2014-9295 5800 (Comware 5) R1809P03 JC099A HP 5800-24G-PoE Switch, JC099B HP 5800-24G-PoE+ Switch, JC100A HP 5800-24G Switch, JC100B HP 5800-24G Switch, JC101A HP 5800-48G Switch with 2 Slots, JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots, JC103A HP 5800-24G-SFP Switch, JC103B HP 5800-24G-SFP Switch with 1 Interface Slot, JC104A HP 5800-48G-PoE Switch, JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot, JC105A HP 5800-48G Switch, JC105B HP 5800-48G Switch with 1 Interface Slot, JG254A HP 5800-24G-PoE+ TAA-compliant Switch, JG254B HP 5800-24G-PoE+ TAA-compliant Switch, JG255A HP 5800-24G TAA-compliant Switch, JG255B HP 5800-24G TAA-compliant Switch, JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot, JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot, JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot, JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot, JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG225A HP 5800AF-48G Switch, JG225B HP 5800AF-48G Switch, JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots, JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface CVE-2014-9295 5820 (Comware 5) R1809P03 JG243A HP 5820-24XG-SFP+ TAA-compliant Switch, JG243B HP 5820-24XG-SFP+ TAA-compliant Switch, JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot, JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot, JC106A HP 5820-14XG-SFP+ Switch with 2 Slots, JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot, JG219A HP 5820AF-24XG Switch, JG219B HP 5820AF-24XG Switch, JC102A HP 5820-24XG-SFP+ Switch, JC102B HP 5820-24XG-SFP+ Switch CVE-2014-9295 5500 HI (Comware 5) R5501P06 JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots, JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots, JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots, JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots, JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots, JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots, JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots, JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots CVE-2014-9295 5500 EI (Comware 5) R2221P08 JD373A HP 5500-24G DC EI Switch, JD374A HP 5500-24G-SFP EI Switch, JD375A HP 5500-48G EI Switch, JD376A HP 5500-48G-PoE EI Switch, JD377A HP 5500-24G EI Switch, JD378A HP 5500-24G-PoE EI Switch, JD379A HP 5500-24G-SFP DC EI Switch, JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots, JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots, JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface, JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots, JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots, JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface Slots, JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface Slots CVE-2014-9295 4800G (Comware 5) R2221P08 JD007A HP 4800-24G Switch, JD008A HP 4800-24G-PoE Switch, JD009A HP 4800-24G-SFP Switch, JD010A HP 4800-48G Switch, JD011A HP 4800-48G-PoE Switch CVE-2014-9295 5500SI (Comware 5) R2221P08 JD369A HP 5500-24G SI Switch, JD370A HP 5500-48G SI Switch, JD371A HP 5500-24G-PoE SI Switch, JD372A HP 5500-48G-PoE SI Switch, JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots, JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots CVE-2014-9295 4500G (Comware 5) R2221P08 JF428A HP 4510-48G Switch, JF847A HP 4510-24G Switch CVE-2014-9295 5120 EI (Comware 5) R2221P08 JE066A HP 5120-24G EI Switch, JE067A HP 5120-48G EI Switch, JE068A HP 5120-24G EI Switch with 2 Interface Slots, JE069A HP 5120-48G EI Switch with 2 Interface Slots, JE070A HP 5120-24G-PoE EI 2-slot Switch, JE071A HP 5120-48G-PoE EI 2-slot Switch, JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots, JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots, JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots, JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots, JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots, JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots CVE-2014-9295 4210G (Comware 5) R2221P08 JF844A HP 4210-24G Switch, JF845A HP 4210-48G Switch, JF846A HP 4210-24G-PoE Switch CVE-2014-9295 5120 SI (Comware 5) R1513P95 JE072A HP 5120-48G SI Switch, JE073A HP 5120-16G SI Switch, JE074A HP 5120-24G SI Switch, JG091A HP 5120-24G-PoE+ (370W) SI Switch, JG092A HP 5120-24G-PoE+ (170W) SI Switch CVE-2014-9295 3610 (Comware 5) R5319P10 JD335A HP 3610-48 Switch, JD336A HP 3610-24-4G-SFP Switch, JD337A HP 3610-24-2G-2G-SFP Switch, JD338A HP 3610-24-SFP Switch CVE-2014-9295 3600V2 (Comware 5) R2110P03 JG299A HP 3600-24 v2 EI Switch, JG299B HP 3600-24 v2 EI Switch, JG300A HP 3600-48 v2 EI Switch, JG300B HP 3600-48 v2 EI Switch, JG301A HP 3600-24-PoE+ v2 EI Switch, JG301B HP 3600-24-PoE+ v2 EI Switch, JG301C HP 3600-24-PoE+ v2 EI Switch, JG302A HP 3600-48-PoE+ v2 EI Switch, JG302B HP 3600-48-PoE+ v2 EI Switch, JG302C HP 3600-48-PoE+ v2 EI Switch, JG303A HP 3600-24-SFP v2 EI Switch, JG303B HP 3600-24-SFP v2 EI Switch, JG304A HP 3600-24 v2 SI Switch, JG304B HP 3600-24 v2 SI Switch, JG305A HP 3600-48 v2 SI Switch, JG305B HP 3600-48 v2 SI Switch, JG306A HP 3600-24-PoE+ v2 SI Switch, JG306B HP 3600-24-PoE+ v2 SI Switch, JG306C HP 3600-24-PoE+ v2 SI Switch, JG307A HP 3600-48-PoE+ v2 SI Switch, JG307B HP 3600-48-PoE+ v2 SI Switch, JG307C HP 3600-48-PoE+ v2 SI Switch CVE-2014-9295 3100V2-48 (Comware 5) R2110P03 JG315A HP 3100-48 v2 Switch, JG315B HP 3100-48 v2 Switch CVE-2014-9295 3100V2 (Comware 5) R5203P11 JD313B HP 3100-24-PoE v2 EI Switch, JD318B HP 3100-8 v2 EI Switch, JD319B HP 3100-16 v2 EI Switch, JD320B HP 3100-24 v2 EI Switch, JG221A HP 3100-8 v2 SI Switch, JG222A HP 3100-16 v2 SI Switch, JG223A HP 3100-24 v2 SI Switch CVE-2014-9295 HP870 (Comware 5) R2607P35 JG723A HP 870 Unified Wired-WLAN Appliance, JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance CVE-2014-9295 HP850 (Comware 5) R2607P35 JG722A HP 850 Unified Wired-WLAN Appliance, JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance CVE-2014-9295 HP830 (Comware 5) R3507P35 JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch, JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch, JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch, JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant CVE-2014-9295 HP6000 (Comware 5) R2507P35 JG639A HP 10500/7500 20G Unified Wired-WLAN Module, JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module CVE-2014-9295 WX5004-EI (Comware 5) R2507P35 JD447B HP WX5002 Access Controller, JD448A HP WX5004 Access Controller, JD448B HP WX5004 Access Controller, JD469A HP WX5004 Access Controller CVE-2014-9295 SecBlade FW (Comware 5) R3181P05 JC635A HP 12500 VPN Firewall Module, JD245A HP 9500 VPN Firewall Module, JD249A HP 10500/7500 Advanced VPN Firewall Module, JD250A HP 6600 Firewall Processing Router Module, JD251A HP 8800 Firewall Processing Module, JD255A HP 5820 VPN Firewall Module CVE-2014-9295 F1000-E (Comware 5) R3181P05 JD272A HP F1000-E VPN Firewall Appliance CVE-2014-9295 F1000-A-EI (Comware 5) R3734P06 JG214A HP F1000-A-EI VPN Firewall Appliance CVE-2014-9295 F1000-S-EI (Comware 5) R3734P06 JG213A HP F1000-S-EI VPN Firewall Appliance CVE-2014-9295 F5000-A (Comware 5) F3210P23 JD259A HP A5000-A5 VPN Firewall Chassis, JG215A HP F5000 Firewall Main Processing Unit, JG216A HP F5000 Firewall Standalone Chassis CVE-2014-9295 U200S and CS (Comware 5) F5123P31 JD273A HP U200-S UTM Appliance CVE-2014-9295 U200A and M (Comware 5) F5123P31 JD275A HP U200-A UTM Appliance CVE-2014-9295 F5000-C/S (Comware 5) R3811P03 JG650A HP F5000-C VPN Firewall Appliance, JG370A HP F5000-S VPN Firewall Appliance CVE-2014-9295 SecBlade III (Comware 5) R3820P03 JG371A HP 12500 20Gbps VPN Firewall Module, JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module CVE-2014-9295 MSR20 RU (Comware 5 Low Encryption SW) R2513L61 JD432A HP A-MSR20-21 Router, JD662A HP MSR20-20 Router, JD663A HP A-MSR20-21 Router, JD663B HP MSR20-21 Router, JD664A HP MSR20-40 Router, JF228A HP MSR20-40, JF283A HP MSR20-20 Router CVE-2014-9295 MSR20-1X RU (Comware 5 Low Encryption SW) R2513L61 JD431A HP MSR20-10 Router, JD667A HP A-MSR20-15 IW Multi-service Router, JD668A HP MSR20-13 Router, JD669A HP MSR20-13-W Router, JD670A HP A-MSR20-15 A Multi-service Router, JD671A HP A-MSR20-15 AW Multi-service Router, JD672A HP A-MSR20-15 I Multi-service Router, JD673A HP MSR20-11 Router, JD674A HP MSR20-12 Router, JD675A HP MSR20-12-W Router, JD676A HP MSR20-12-T Router, JF236A HP MSR20-15-I Router, JF237A HP MSR20-15-A Router, JF238A HP MSR20-15-I-W Router, JF239A HP MSR20-11 Router, JF240A HP MSR20-13 Router, JF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router, JF807A HP MSR20-12-W Router, JF808A HP MSR20-13-W Router, JF809A HP MSR20-15-A-W Router, JF817A HP MSR20-15 Router, JG209A HP MSR20-12-T-W Router, JG210A HP MSR20-13-W Router CVE-2014-9295 MSR30 RU (Comware 5 Low Encryption SW) R2513L61 JD654A HP MSR30-60 PoE Router, JD657A HP MSR30-40 Router, JD658A HP MSR30-60 Router, JD660A HP MSR30-20 PoE Router, JD661A HP MSR30-40 PoE Router, JD666A HP MSR30-20 Router, JF229A HP MSR30-40 Router, JF230A HP MSR30-60 Router, JF232A HP A-MSR30-40 (RT-MSR3040-AC-OVS-AS-H3) Multi-service Router, JF235A HP MSR30-20 DC Router, JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC Router, JF801A HP MSR30-60 DC Router, JF802A HP MSR30-20 PoE Router, JF803A HP MSR30-40 PoE Router, JF804A HP MSR30-60 PoE Router, JG728A HP MSR30-20 TAA-compliant DC Router, JG729A HP MSR30-20 TAA-compliant Router CVE-2014-9295 MSR301X RU (Comware 5 Low Encryption SW) R2513L61 JF800A HP MSR30-11 Router, JF816A HP MSR30-10 Router, JG182A HP MSR30-11E Router, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC Router CVE-2014-9295 MSR316 RU (Comware 5 Low Encryption SW) R2513L61 JD659A HP MSR30-16 PoE Router, JD665A HP MSR30-16 Router, JF233A HP MSR30-16 Router, JF234A HP MSR30-16 PoE Router CVE-2014-9295 MSR50 RU (Comware 5 Low Encryption SW) R2513L61 JD433A HP MSR50-40 Router, JD653A HP MSR50 Processor Module, JD655A HP MSR 50-40 Router, JD656A HP MSR50-60 Router, JF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60 Router Chassis with DC Power Supply CVE-2014-9295 MSR50 EPU RU (Comware 5 Low Encryption SW) R2513L61 JD429A HP MSR50 G2 Processor Module, JD429B HP MSR50 G2 Processor Module, JD433A HP MSR50-40 Router, JD655A HP MSR 50-40 Router, JD656A HP MSR50-60 Router, JF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60 Router Chassis with DC Power Supply CVE-2014-9295 MSR1000 RU (Comware 5 Low Encryption SW) R2513L61 JG732A HP MSR1003-8 AC Router CVE-2014-9295 6600 RSE RU (Comware 5 Low Encryption SW) R3303P18 JC566A HP 6600 RSE-X1 Router Main Processing Unit, JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit CVE-2014-9295 6600 RPE RU (Comware 5 Low Encryption SW) R3303P18 JC165A) HP 6600 RPE-X1 Router Module, JG781A) HP 6600 RPE-X1 TAA-compliant Main Processing Unit CVE-2014-9295 6602 RU (Comware 5 Low Encryption SW) R3303P18 JC176A) HP 6602 Router Chassis CVE-2014-9295 HSR6602 RU (Comware 5 Low Encryption SW) R3303P18 JC177A HP 6608 Router, JC177B HP 6608 Router Chassis, JC178A HP 6604 Router Chassis, JC178B HP 6604 Router Chassis, JC496A HP 6616 Router Chassis, JG353A HP HSR6602-G Router, JG354A HP HSR6602-XG Router, JG355A HP 6600 MCP-X1 Router Main Processing Unit, JG356A HP 6600 MCP-X2 Router Main Processing Unit, JG776A HP HSR6602-G TAA-compliant Router, JG777A HP HSR6602-XG TAA-compliant Router, JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit CVE-2014-9295 HSR6800 RU (Comware 5 Low Encryption SW) R3303P18 JG361A HP HSR6802 Router Chassis, JG362A HP HSR6804 Router Chassis, JG363A HP HSR6808 Router Chassis, JG364A HP HSR6800 RSE-X2 Router Main Processing Unit, JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit CVE-2014-9295 SMB1910 (Comware 5) R1108 JG540A HP 1910-48 Switch, JG539A HP 1910-24-PoE+ Switch, JG538A HP 1910-24 Switch, JG537A HP 1910-8 -PoE+ Switch, JG536A HP 1910-8 Switch CVE-2014-9295 SMB1920 (Comware 5) R1106 JG928A HP 1920-48G-PoE+ (370W) Switch, JG927A HP 1920-48G Switch, JG926A HP 1920-24G-PoE+ (370W) Switch, JG925A HP 1920-24G-PoE+ (180W) Switch, JG924A HP 1920-24G Switch, JG923A HP 1920-16G Switch, JG922A HP 1920-8G-PoE+ (180W) Switch, JG921A HP 1920-8G-PoE+ (65W) Switch, JG920A HP 1920-8G Switch CVE-2014-9295 V1910 (Comware 5) R1513P95 JE005A HP 1910-16G Switch, JE006A HP 1910-24G Switch, JE007A HP 1910-24G-PoE (365W) Switch, JE008A HP 1910-24G-PoE(170W) Switch, JE009A HP 1910-48G Switch, JG348A HP 1910-8G Switch, JG349A HP 1910-8G-PoE+ (65W) Switch, JG350A HP 1910-8G-PoE+ (180W) Switch CVE-2014-9295 SMB 1620 (Comware 5) R1105 JG914A HP 1620-48G Switch, JG913A HP 1620-24G Switch, JG912A HP 1620-8G Switch CVE-2014-9295 COMWARE 7 Products 12500 (Comware 7) R7328P04 JC085A HP A12518 Switch Chassis, JC086A HP A12508 Switch Chassis, JC652A HP 12508 DC Switch Chassis, JC653A HP 12518 DC Switch Chassis, JC654A HP 12504 AC Switch Chassis, JC655A HP 12504 DC Switch Chassis, JF430A HP A12518 Switch Chassis, JF430B HP 12518 Switch Chassis, JF430C HP 12518 AC Switch Chassis, JF431A HP A12508 Switch Chassis, JF431B HP 12508 Switch Chassis, JF431C HP 12508 AC Switch Chassis, JC072B HP 12500 Main Processing Unit, JG497A HP 12500 MPU w/Comware V7 OS, JG782A HP FF 12508E AC Switch Chassis, JG783A HP FF 12508E DC Switch Chassis, JG784A HP FF 12518E AC Switch Chassis, JG785A HP FF 12518E DC Switch Chassis, JG802A HP FF 12500E MPU, JG836A HP FlexFabric 12518E AC Switch TAA-compliant Chassis, JG834A HP FlexFabric 12508E AC Switch TAA-compliant Chassis, JG835A HP FlexFabric 12508E DC Switch TAA-compliant Chassis, JG837A HP FlexFabric 12518E DC Switch TAA-compliant Chassis, JG803A HP FlexFabric 12500E TAA-compliant Main Processing Unit, JG796A HP FlexFabric 12500 48-port 10GbE SFP+ FD Module, JG790A HP FlexFabric 12500 16-port 40GbE QSFP+ FD Module, JG794A HP FlexFabric 12500 40-port 10GbE SFP+ FG Module, JG792A HP FlexFabric 12500 40-port 10GbE SFP+ FD Module, JG788A HP FlexFabric 12500 4-port 100GbE CFP FG Module, JG786A HP FlexFabric 12500 4-port 100GbE CFP FD Module, JG797A HP FlexFabric 12500 48-port 10GbE SFP+ FD TAA-compliant Module, JG791A HP FlexFabric 12500 16-port 40GbE QSFP+ FD TAA-compliant Module, JG795A HP FlexFabric 12500 40-port 10GbE SFP+ FG TAA-compliant Module, JG793A HP FlexFabric 12500 40-port 10GbE SFP+ FD TAA-compliant Module, JG789A HP FlexFabric 12500 4-port 100GbE CFP FG TAA-compliant Module, JG787A HP FlexFabric 12500 4-port 100GbE CFP FD TAA-compliant Module, JG798A HP FlexFabric 12508E Fabric Module H3C S12508 Routing Switch (AC-1) (0235A0GE), H3C S12518 Routing Switch (AC-1) (0235A0GF), H3C S12508 Chassis (0235A0E6), H3C S12508 Chassis (0235A38N), H3C S12518 Chassis (0235A0E7), H3C S12518 Chassis (0235A38M), H3C 12508 DC Switch Chassis (0235A38L), H3C 12518 DC Switch Chassis (0235A38K) CVE-2014-9295 11900 (Comware 7) R7169P01 JG608A HP FF 11908-V Switch Chassis, JG609A HP FF 11900 Main Processing Unit, JG610A HP FF 11908 1.92Tbps Type D Fabric Module, JG611A HP FF 11900 32p 10GbE SFP+ SF Module, JG612A HP FF 11900 48p 10GbE SFP+ SF Module, JG613A HP FF 11900 4p 40GbE QSFP+ SF Module, JG614A HP FF 11900 8p 40GbE QSFP+ SF Module, JG615A HP FF 11900 24-p 1/10GBASE-T SF Module, JG616A HP FF 11900 2500W AC Power Supply, JG617A HP FF 11900 2400W DC Power Supply, JG618A HP FF 11908-V Spare Fan Assy, JG918A HP FF 11900 2p 100GbE CFP SE Module CVE-2014-9295 10500 (Comware 7) R7150 JC611A HP 10508-V Switch Chassis, JC612A HP 10508 Switch Chassis, JC613A HP 10504 Switch Chassis, JC748A HP 10512 Switch Chassis, JG820A HP 10504 TAA Switch Chassis, JG821A HP 10508 TAA Switch Chassis, JG822A HP 10508-V TAA Switch Chassis, JG823A HP 10512 TAA Switch Chassis, JG496A HP 10500 Type A MPU w/Comware v7 OS, JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System, JH191A HP 10500 44-port GbE(SFP,LC)/ 4-port 10GbE SFP+ (SFP+,LC) SE Module, JH192A HP 10500 48-port Gig-TRJ45SE Module, JH193A HP 10500 16-port 10GbE SFP+ (SFP+,LC) SF Module, JH194A HP 10500 24-port 10GbE SFP+ (SFP+,LC) EC Module, JH195A HP 10500 6-port 40GbE QSFP+ EC Module, JH196A HP 10500 2-port 100GbE CFP EC Module, JH197A HP 10500 48-port 10GbE SFP+ (SFP+,LC) SG Module N/A CVE-2014-9295 12900 (Comware 7) R1112 JG619A HP FlexFabric 12910 Switch AC Chassis, JG621A HP FlexFabric 12910 Main Processing Unit, JG632A HP FlexFabric 12916 Switch AC Chassis, JG634A HP FlexFabric 12916 Main Processing Unit CVE-2014-9295 5900 (Comware 7) R2311P06 JC772A HP 5900AF-48XG-4QSFP+ Switch, JG336A HP 5900AF-48XGT-4QSFP+ Switch, JG510A HP 5900AF-48G-4XG-2QSFP+ Switch, JG554A HP 5900AF-48XG-4QSFP+ TAA Switch, JG838A HP FF 5900CP-48XG-4QSFP+ Switch, JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant, JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch, JH038A) HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant CVE-2014-9295 5920 (Comware 7) R2311P06 JG296A HP 5920AF-24XG Switch, JG555A HP 5920AF-24XG TAA Switch CVE-2014-9295 MSR1000 (Comware 7) R0106P31 JG875A HP MSR1002-4 AC Router, JH060A HP MSR1003-8S AC Router CVE-2014-9295 MSR2000 (Comware 7) R0106P31 JG411A HP MSR2003 AC Router, JG734A HP MSR2004-24 AC Router, JG735A) HP MSR2004-48 Router, JG866A HP MSR2003 TAA-compliant AC Router CVE-2014-9295 MSR3000 (Comware 7) R0106P31 JG404A HP MSR3064 Router, JG405A HP MSR3044 Router, JG406A HP MSR3024 AC Router, JG407A HP MSR3024 DC Router, JG408A HP MSR3024 PoE Router, JG409A HP MSR3012 AC Router, JG410A HP MSR3012 DC Router, JG861A HP MSR3024 TAA-compliant AC Router CVE-2014-9295 MSR4000 (Comware 7) R0106P31 JG402A HP MSR4080 Router Chassis, JG403A HP MSR4060 Router Chassis, JG412A HP MSR4000 MPU-100 Main Processing Unit, JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit CVE-2014-9295 5800 (Comware 7) R7006P12 JC099A HP 5800-24G-PoE Switch, JC099B HP 5800-24G-PoE+ Switch, JC100A HP 5800-24G Switch, JC100B HP 5800-24G Switch, JC101A HP 5800-48G Switch with 2 Slots, JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots, JC103A HP 5800-24G-SFP Switch, JC103B HP 5800-24G-SFP Switch with 1 Interface Slot, JC104A HP 5800-48G-PoE Switch, JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot, JC105A HP 5800-48G Switch, JC105B HP 5800-48G Switch with 1 Interface Slot, JG254A HP 5800-24G-PoE+ TAA-compliant Switch, JG254B HP 5800-24G-PoE+ TAA-compliant Switch, JG255A HP 5800-24G TAA-compliant Switch, JG255B HP 5800-24G TAA-compliant Switch, JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot, JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot, JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot, JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot, JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot, JG225A HP 5800AF-48G Switch, JG225B HP 5800AF-48G Switch, JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots, JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots, JG243A HP 5820-24XG-SFP+ TAA-compliant Switch, JG243B HP 5820-24XG-SFP+ TAA-compliant Switch, JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot, JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot, JC106A HP 5820-14XG-SFP+ Switch with 2 Slots, JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot, JG219A HP 5820AF-24XG Switch, JG219B HP 5820AF-24XG Switch, JC102A HP 5820-24XG-SFP+ Switch, JC102B HP 5820-24XG-SFP+ Switch CVE-2014-9295 VSR (Comware 7) R0204P01 JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software, JG811AAE HP VSR1001 Comware 7 Virtual Services Router, JG812AAE HP VSR1004 Comware 7 Virtual Services Router, JG813AAE HP VSR1008 Comware 7 Virtual Services Router CVE-2014-9295 7900 (Comware 7) R2122 JG682A HP FlexFabric 7904 Switch Chassis, JG841A HP FlexFabric 7910 Switch Chassis, JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit, JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit CVE-2014-9295 5130 (Comware 7) R3108P03 JG932A HP 5130-24G-4SFP+ EI Switch, JG933A HP 5130-24G-SFP-4SFP+ EI Switch, JG934A HP 5130-48G-4SFP+ EI Switch, JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch, JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch, JG975A HP 5130-24G-4SFP+ EI Brazil Switch, JG976A HP 5130-48G-4SFP+ EI Brazil Switch, JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch, JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch CVE-2014-9295 5700 (Comware 7) R2311P06 JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch, JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch, JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch, JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch, JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch, JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch CVE-2014-9295 VCX 9.8.17 J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr, J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr, JC517A HP VCX V7205 Platform w/DL 360 G6 Server, JE355A HP VCX V6000 Branch Platform 9.0, JC516A HP VCX V7005 Platform w/DL 120 G6 Server, JC518A HP VCX Connect 200 Primry 120 G6 Server, J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr, JE341A HP VCX Connect 100 Secondary, JE252A HP VCX Connect Primary MIM Module, JE253A HP VCX Connect Secondary MIM Module, JE254A HP VCX Branch MIM Module, JE355A HP VCX V6000 Branch Platform 9.0, JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod, JD023A HP MSR30-40 Router with VCX MIM Module, JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM, JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod, JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod, JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod, JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS, JE340A HP VCX Connect 100 Pri Server 9.0, JE342A HP VCX Connect 100 Sec Server 9.0 CVE -2014-9293 CVE-2014-9294 CVE-2014-9295 HISTORY Version:1 (rev.1) - 9 December 2015 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-12-22-1 OS X NTP Security Update OS X NTP Security Update is now available and addresses the following: ntpd Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1 Impact: A remote attacker may be able to execute arbitrary code Description: Several issues existed in ntpd that would have allowed an attacker to trigger buffer overflows. These issues were addressed through improved error checking. To verify the ntpd version, type the following command in Terminal: what /usr/sbin/ntpd. Release Date: 2015-02-18 Last Updated: 2015-04-08 Potential Security Impact: Remote execution of code, Denial of Service (DoS), or other vulnerabilities Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running NTP. These could be exploited remotely to execute code, create a Denial of Service (DoS), or other vulnerabilities. References: CVE-2014-9293 - Insufficient Entropy in Pseudo-Random Number Generator (PRNG) (CWE-332) CVE-2014-9294 - Use of Cryptographically Weak PRNG (CWE-338) CVE-2014-9295 - Stack Buffer Overflow (CWE-121) CVE-2014-9296 - Error Conditions, Return Values, Status Codes (CWE-389) CVE-2014-9297 - Improper Check for Unusual or Exceptional Conditions (CWE-754) SSRT101872 VU#852879 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.31 running NTP version C.4.2.6.4.0 or previous HP-UX B.11.23 running XNTP version 3.5 or previous HP-UX B.11.11 running XNTP version 3.5 or previous BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2014-9293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9294 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9295 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9296 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9297 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following solutions for HP-UX B.11.31, HP-UX B.11.23, and HP-UX B.11.11. The two patches are available from the HP Support Center (HPSC). http://h20565.www2.hp.com/portal/site/hpsc? A new B.11.31 depot for HP-UX-NTP_C.4.2.6.5.0 is available here: https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =HPUX-NTP The B.11.31 image HP-UX-NTP_C.4.2.6.5.0 The B.11.23 patch PHNE_44236 for NTP v3.5 The B.11.11 patch PHNE_44235 for NTP v3.5 Mitigation steps for HP-UX B.11.23 and HP-UX B.11.11 for CVE-2014-9295 Restrict query for server status (Time Service is not affected) from ntpq/ntpdc by enabling noquery using the restrict command in /etc/ntp.conf file. Reference: http://support.ntp.org/bin/view/Main/SecurityNotice MANUAL ACTIONS: Yes - Update If patch installation on B.11.11 or B.11.23 is not possible, mitigate with step above. PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.11 ================== InternetSrvcs.INETSVCS-BOOT action: install PHNE_44235 or subsequent HP-UX B.11.23 ================== InternetSrvcs.INETSVCS2-BOOT action: install PHNE_44236 or subsequent HP-UX B.11.31 ================== NTP.INETSVCS2-BOOT NTP.NTP-AUX NTP.NTP-RUN action: install revision C.4.2.6.5.0 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 18 February 2015 Initial release Version:2 (rev.2) - 8 April 2015 Added B.11.23 and B.11.11 patches Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. On December 19, 2014, NTP.org and US-CERT released security advisories detailing two issues regarding weak cryptographic pseudorandom number generation (PRNG), three buffer overflow vulnerabilities, and an unhandled error condition with an unknown impact. Cisco will release free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available. A section of code in ntpd handling a rare error is missing a return statement, therefore processing did not stop when the error was encountered. This situation may be exploitable by an attacker (CVE-2014-9296). Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in ntp_crypto.c, which could lead to information leakage or denial of service (CVE-2014-9297). Stephen Roettger of the Google Security Team reported that ACLs based on IPv6 ::1 (localhost) addresses can be bypassed (CVE-2014-9298). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9297 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9298 http://advisories.mageia.org/MGASA-2014-0541.html http://advisories.mageia.org/MGASA-2015-0063.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 2/X86_64: 8f7d14b95c55bd1de7230cff0c8ea9d7 mbs2/x86_64/ntp-4.2.6p5-16.1.mbs2.x86_64.rpm 09063ab11459b1f935809b37c742ff12 mbs2/x86_64/ntp-client-4.2.6p5-16.1.mbs2.x86_64.rpm 7a0d0eca35911d9f15b76b474c5512cf mbs2/x86_64/ntp-doc-4.2.6p5-16.1.mbs2.noarch.rpm cb0371050702950084ff633ea45c2c5c mbs2/SRPMS/ntp-4.2.6p5-16.1.mbs2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFVF9K3mqjQ0CJFipgRAn26AJwInkxLvDh/Gbb3uYRz9IjuaSK8+ACgiM1Z rou2syvF1hyhVhxh7M5sv3c= =uncU -----END PGP SIGNATURE----- . Attackers could use this key to reconfigure ntpd (or to exploit other vulnerabilities). The default ntpd configuration in Debian restricts access to localhost (and possible the adjacent network in case of IPv6). For the stable distribution (wheezy), these problems have been fixed in version 1:4.2.6.p5+dfsg-2+deb7u1. References: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 CVE-2013-5211 SSRT102239 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Platform Patch Kit Name Alpha IA64 V8.4 75-117-380_2015-08-24.BCK NOTE: Please contact OpenVMS Technical Support to request these patch kits. ============================================================================ Ubuntu Security Notice USN-2449-1 December 22, 2014 ntp vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: Several security issues were fixed in NTP. The default compiler options for affected releases should reduce the vulnerability to a denial of service. In addition, attackers would be isolated by the NTP AppArmor profile. (CVE-2014-9295) Stephen Roettger discovered that NTP incorrectly continued processing when handling certain errors. (CVE-2014-9296) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.10.1 Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.1 Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.2 Ubuntu 10.04 LTS: ntp 1:4.2.4p8+dfsg-1ubuntu2.2 After a standard system update you need to regenerate any MD5 keys that were manually created with ntp-keygen. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: ntp security update Advisory ID: RHSA-2014:2025-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-2025.html Issue date: 2014-12-20 CVE Names: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 ===================================================================== 1. Summary: Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit. (CVE-2014-9295) It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests. (CVE-2014-9293) It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keygen; the default installation does not contain such keys). (CVE-2014-9294) All ntp users are advised to upgrade to this updated package, which contains backported patches to resolve these issues. After installing the update, the ntpd daemon will restart automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1176032 - CVE-2014-9293 ntp: automatic generation of weak default key in config_auth() 1176035 - CVE-2014-9294 ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys 1176037 - CVE-2014-9295 ntp: Multiple buffer overflows via specially-crafted packets 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ntp-4.2.2p1-18.el5_11.src.rpm i386: ntp-4.2.2p1-18.el5_11.i386.rpm ntp-debuginfo-4.2.2p1-18.el5_11.i386.rpm x86_64: ntp-4.2.2p1-18.el5_11.x86_64.rpm ntp-debuginfo-4.2.2p1-18.el5_11.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ntp-4.2.2p1-18.el5_11.src.rpm i386: ntp-4.2.2p1-18.el5_11.i386.rpm ntp-debuginfo-4.2.2p1-18.el5_11.i386.rpm ia64: ntp-4.2.2p1-18.el5_11.ia64.rpm ntp-debuginfo-4.2.2p1-18.el5_11.ia64.rpm ppc: ntp-4.2.2p1-18.el5_11.ppc.rpm ntp-debuginfo-4.2.2p1-18.el5_11.ppc.rpm s390x: ntp-4.2.2p1-18.el5_11.s390x.rpm ntp-debuginfo-4.2.2p1-18.el5_11.s390x.rpm x86_64: ntp-4.2.2p1-18.el5_11.x86_64.rpm ntp-debuginfo-4.2.2p1-18.el5_11.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-9293 https://access.redhat.com/security/cve/CVE-2014-9294 https://access.redhat.com/security/cve/CVE-2014-9295 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUlOK5XlSAg2UNWIIRAjqWAKCSca9s0BI59EvKuZnchQpcOfrj7wCgrae3 UA8SnygB/UEFPTKirinHijI= =kt9k -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
VAR-201412-0615 CVE-2014-9293 NTP Project Network Time Protocol daemon (ntpd) contains multiple vulnerabilities (Updated) CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. The NTP Project ntpd version 4.2.7 and pervious versions contain several vulnerabilities. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys. These vulnerabilities may affect ntpd acting as a server or client. Supplementary information : CWE Vulnerability types by CWE-332: Insufficient Entropy in PRNG (PRNG Insufficient entropy in ) Has been identified. http://cwe.mitre.org/data/definitions/332.htmlBrute force attack by a third party (Brute force attack) Could be used to break cryptographic protection mechanisms. Network Time Protocol is prone to an unspecified security vulnerability. Little is known about this issue or its effects at this time. We will update this BID as more information emerges. Network Time Protocol 4.2.7 is vulnerable; other versions may also be affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04554677 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04554677 Version: 1 HPSBUX03240 SSRT101872 rev.1 - HP-UX Running NTP, Remote Execution of Code, Denial of Service (DoS), or Other Vulnerabilties NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2015-02-18 Last Updated: 2015-02-18 Potential Security Impact: Remote execution of code, Denial of Service (DoS), or other vulnerabilities Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running NTP. These could be exploited remotely to execute code, create a Denial of Service (DoS), or other vulnerabilities. References: CVE-2014-9293 - Insufficient Entropy in Pseudo-Random Number Generator (PRNG) (CWE-332) CVE-2014-9294 - Use of Cryptographically Weak PRNG (CWE-338) CVE-2014-9295 - Stack Buffer Overflow (CWE-121) CVE-2014-9296 - Error Conditions, Return Values, Status Codes (CWE-389) CVE-2014-9297 - Improper Check for Unusual or Exceptional Conditions (CWE-754) SSRT101872 VU#852879 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.31 running NTP version C.4.2.6.4.0 or previous HP-UX B.11.23 running XNTP version 3.5 or previous BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2014-9293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9294 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9295 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9296 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9297 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following patch for HP-UX B.11.31. A workaround for HP-UX B.11.23 and B.11.11 to temporarily resolve these vulnerabilities follows below. The B.11.31 patch is available from: ftp://ntp42650:Secure12@h2.usa.hp.com or https://h20392.www2.hp.com/portal/sw depot/displayProductInfo.do?productNumber=HPUX-NTP Mitigation steps for HP-UX B.11.23 and B.11.11 for CVE-2014-9295 Restrict query for server status (Time Service is not affected) from ntpq/ntpdc by enabling .noquery. using the restrict command in /etc/ntp.conf file. Reference: http://support.ntp.org/bin/view/Main/SecurityNotice NOTE: This bulletin will be revised when patches for XNTP v3.5 on B.11.23 and B.11.11 become available. MANUAL ACTIONS: No PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.31 ================== NTP.INETSVCS2-BOOT NTP.NTP-AUX NTP.NTP-RUN action: install revision C.4.2.6.5.0 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 18 February 2015 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iEYEARECAAYFAlTmZ2cACgkQ4B86/C0qfVktpQCfUVutONWPreqP2D8WOpxsidgQ fhwAnj1XmZ/Xr72p+vBwHJpNnQ48KROt =kU5i -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products Advisory ID: cisco-sa-20141222-ntpd Revision 1.1 Last Updated 2014 December 23 13:37 UTC (GMT) For Public Release 2014 December 22 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= Multiple Cisco products incorporate a version of the ntpd package. On December 19, 2014, NTP.org and US-CERT released security advisories detailing two issues regarding weak cryptographic pseudorandom number generation (PRNG), three buffer overflow vulnerabilities, and an unhandled error condition with an unknown impact. The vulnerabilities are referenced in this document as follows: * CVE-2014-9293: Weak Default Key in config_auth() * CVE-2014-9294: Noncryptographic Random Number Generator with Weak Seed Used by ntp-keygen to Generate Symmetric Keys * CVE-2014-9295: Multiple Buffer Overflow Vulnerabilities in ntpd * CVE-2014-9296: ntpd receive(): Missing Return on Error This advisory will be updated as additional information becomes available. Cisco will release free software updates that address these vulnerabilities. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8-i486-1_slack14.1.txz: Upgraded. In addition to bug fixes and enhancements, this release fixes several high-severity vulnerabilities discovered by Neel Mehta and Stephen Roettger of the Google Security Team. For more information, see: https://www.kb.cert.org/vuls/id/852879 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8-i486-1_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8-x86_64-1_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8-i486-1_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8-x86_64-1_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8-i486-1_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8-x86_64-1_slack13.37.txz Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8-x86_64-1_slack14.1.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8-i486-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8-x86_64-1.txz MD5 signatures: +-------------+ Slackware 13.0 package: 18d7f09e90cf2434f59d7e9f11478fba ntp-4.2.8-i486-1_slack13.0.txz Slackware x86_64 13.0 package: edd178e3d2636433dd18f52331af17a5 ntp-4.2.8-x86_64-1_slack13.0.txz Slackware 13.1 package: 4b6da6fa564b1fe00920d402ff97bd43 ntp-4.2.8-i486-1_slack13.1.txz Slackware x86_64 13.1 package: 292ae7dbd3ea593c5e28cbba7c2b71fa ntp-4.2.8-x86_64-1_slack13.1.txz Slackware 13.37 package: 294b8197d360f9a3cf8186619b60b73c ntp-4.2.8-i486-1_slack13.37.txz Slackware x86_64 13.37 package: 7cd5b63f8371b1cc369bc56e4b4efd5a ntp-4.2.8-x86_64-1_slack13.37.txz Slackware 14.0 package: 32eab67538c33e4669bda9200799a497 ntp-4.2.8-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 33ecf4845fa8533a12a98879815bde08 ntp-4.2.8-x86_64-1_slack14.0.txz Slackware 14.1 package: f2b45a45c846a909ae201176ce359939 ntp-4.2.8-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 12d7ab6e2541af4d1282621d3773e7f7 ntp-4.2.8-x86_64-1_slack14.1.txz Slackware -current package: 5b2150cee9840d8bb547098cccde879a n/ntp-4.2.8-i486-1.txz Slackware x86_64 -current package: 9ce09c5d6a60d3e2117988e4551e4af1 n/ntp-4.2.8-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg ntp-4.2.8-i486-1_slack14.1.txz Then, restart the NTP daemon: # sh /etc/rc.d/rc.ntpd restart +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. ============================================================================ Ubuntu Security Notice USN-2449-1 December 22, 2014 ntp vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: Several security issues were fixed in NTP. Software Description: - ntp: Network Time Protocol daemon and utility programs Details: Neel Mehta discovered that NTP generated weak authentication keys. A remote attacker could possibly use this issue to brute force the authentication key and send requests if permitted by IP restrictions. (CVE-2014-9293) Stephen Roettger discovered that NTP generated weak MD5 keys. A remote attacker could possibly use this issue to brute force the MD5 key and spoof a client or server. (CVE-2014-9294) Stephen Roettger discovered that NTP contained buffer overflows in the crypto_recv(), ctl_putdata() and configure() functions. In non-default configurations, a remote attacker could use these issues to cause NTP to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. In addition, attackers would be isolated by the NTP AppArmor profile. (CVE-2014-9295) Stephen Roettger discovered that NTP incorrectly continued processing when handling certain errors. (CVE-2014-9296) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.10.1 Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.1 Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.2 Ubuntu 10.04 LTS: ntp 1:4.2.4p8+dfsg-1ubuntu2.2 After a standard system update you need to regenerate any MD5 keys that were manually created with ntp-keygen. References: http://www.ubuntu.com/usn/usn-2449-1 CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296 Package Information: https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.10.1 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.1 https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p3+dfsg-1ubuntu3.2 https://launchpad.net/ubuntu/+source/ntp/1:4.2.4p8+dfsg-1ubuntu2.2 . Under Step2: your ITRC operating systems - verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2015 Hewlett-Packard Development Company, L.P. References: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 VU#852879 SSRT101878 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Mitigation for impacted products: disable NTP, until an update is available. Family Fixed Version HP Branded Products Impacted H3C Branded Products Impacted 3Com Branded Products Impacted 12900 Switch Series Fix in Progress, Use Mitigation JG619A HP FF 12910 Switch AC Chassis, JG621A HP FF 12910 Main Processing Unit, JG632A HP FF 12916 Switch AC Chassis, JG634A HP FF 12916 Main Processing Unit N/A N/A 12500 Fix in Progress, Use Mitigation JC085A HP A12518 Switch Chassis, JC086A HP A12508 Switch Chassis, JC652A HP 12508 DC Switch Chassis, JC653A HP 12518 DC Switch Chassis, JC654A HP 12504 AC Switch Chassis, JC655A HP 12504 DC Switch Chassis, JF430A HP A12518 Switch Chassis, JF430B HP 12518 Switch Chassis, JF430C HP 12518 AC Switch Chassis, JF431A HP A12508 Switch Chassis, JF431B HP 12508 Switch Chassis, JF431C HP 12508 AC Switch Chassis, JC072B HP 12500 Main Processing Unit, JC808A HP 12500 TAA Main Processing Unit H3C S12508 Routing Switch(AC-1) (0235A0GE), H3C S12518 Routing Switch(AC-1) (0235A0GF), H3C S12508 Chassis (0235A0E6), H3C S12508 Chassis (0235A38N), H3C S12518 Chassis (0235A0E7), H3C S12518 Chassis (0235A38M) , H3C 12508 DC Switch Chassis (0235A38L), H3C 12518 DC Switch Chassis (0235A38K) N/A 12500 (Comware v7) Fix in Progress, Use Mitigation JC085A HP A12518 Switch Chassis, JC086A HP A12508 Switch Chassis, JC652A HP 12508 DC Switch Chassis, JC653A HP 12518 DC Switch Chassis, JC654A HP 12504 AC Switch Chassis, JC655A HP 12504 DC Switch Chassis, JF430A HP A12518 Switch Chassis, JF430B HP 12518 Switch Chassis, JF430C HP 12518 AC Switch Chassis, JF431A HP A12508 Switch Chassis, JF431B HP 12508 Switch Chassis, JF431C HP 12508 AC Switch Chassis, JC072B HP 12500 Main Processing Unit, JG497A HP 12500 MPU w/Comware V7 OS, JG782A HP FF 12508E AC Switch Chassis, JG783A HP FF 12508E DC Switch Chassis, JG784A HP FF 12518E AC Switch Chassis, JG785A HP FF 12518E DC Switch Chassis, JG802A HP FF 12500E MPU H3C S12508 Routing Switch(AC-1) (0235A0GE), H3C S12518 Routing Switch(AC-1) (0235A0GF), H3C S12508 Chassis (0235A0E6), H3C S12508 Chassis (0235A38N), H3C S12518 Chassis (0235A0E7), H3C S12518 Chassis (0235A38M), H3C 12508 DC Switch Chassis (0235A38L), H3C 12518 DC Switch Chassis (0235A38K) N/A 11900 Switch Series Fix in Progress, Use Mitigation JG608A HP FF 11908-V Switch Chassis, JG609A HP FF 11900 Main Processing Unit N/A N/A 10500 Switch Series (Comware v5) R1208P10 JC611A HP 10508-V Switch Chassis, JC612A HP 10508 Switch Chassis, JC613A HP 10504 Switch Chassis, JC614A HP 10500 Main Processing Unit, JC748A HP 10512 Switch Chassis, JG375A HP 10500 TAA Main Processing Unit, JG820A HP 10504 TAA Switch Chassis, JG821A HP 10508 TAA Switch Chassis, JG822A HP 10508-V TAA Switch Chassis, JG823A HP 10512 TAA Switch Chassis N/A N/A 10500 Switch Series (Comware v7) Fix in Progress, Use Mitigation JC611A HP 10508-V Switch Chassis, JC612A HP 10508 Switch Chassis, JC613A HP 10504 Switch Chassis, JC748A HP 10512 Switch Chassis, JG820A HP 10504 TAA Switch Chassis, JG821A HP 10508 TAA Switch Chassis, JG822A HP 10508-V TAA Switch Chassis, JG823A HP 10512 TAA Switch Chassis, JG496A HP 10500 Type A MPU w/Comware v7 OS N/A N/A 9500E Fix in Progress, Use Mitigation JC124A HP A9508 Switch Chassis, JC124B HP 9505 Switch Chassis, JC125A HP A9512 Switch Chassis, JC125B HP 9512 Switch Chassis, JC474A HP A9508-V Switch Chassis, JC474B HP 9508-V Switch Chassis H3C S9505E Routing-Switch Chassis (0235A0G6), H3C S9512E Routing-Switch Chassis (0235A0G7), H3C S9508E-V Routing-Switch Chassis (0235A38Q), H3C S9505E Chassis w/ Fans (0235A38P), H3C S9512E Chassis w/ Fans (0235A38R) N/A 8800 Fix in Progress, Use Mitigation JC141A HP 8802 Main Control Unit Module, JC147A HP 8802 Router Chassis, JC147B HP 8802 Router Chassis, JC148A HP A8805 Router Chassis, JC148B HP 8805 Router Chassis, JC137A HP 8805/08/12 (2E) Main Cntrl Unit Mod, JC138A HP 8805/08/12 (1E) Main Cntrl Unit Mod, JC149A HP A8808 Router Chassis, JC149B HP 8808 Router Chassis, JC150A HP A8812 Router Chassis, JC150B HP 8812 Router Chassis H3C Main Control Unit for SR8802 (0231A84N), H3C SR8802 10G Core Router Chassis (0235A31B), H3C SR8802 10G Core Router Chassis (0235A0GC), H3C SR8805 10G Core Router Chassis (0235A31C), H3C SR8805 10G Core Router Chassis (0235A0G8), H3C SR8800 Routing Switch Processing Board(0231A80E), H3C Main Contril Unit for SR8805/08/12 IE (0231A82E), H3C SR8808 10G Core Router Chassis (0235A31D / 0235A0G9, H3C SR8812 10G Core Router Chassis (0235A31E / 0235A0GA) N/A 7900 Fix in Progress, Use Mitigation JG682A HP FlexFabric 7904 Switch Chassis, JH001A HP FF 7910 2.4Tbps Fabric / MPU, JG842A HP FF 7910 7.2Tbps Fabric / MPU, JG841A HP FF 7910 Switch Chassis N/A N/A 7500 Switch Series R6708P10 JC666A HP A7503-S 144 Gbps Fab/MPU w 24p Gig-T, JC697A HP A7502 TAA Main Processing Unit, JC698A HP A7503S 144 Gbps TAA Fab/MPU w 24p GbE, JC699A HP A7500 384Gbps TAA Fab/MPU w 2p 10-GbE, JC700A HP A7500 384 Gbps TAA Fabric / MPU, JC701A HP A7510 768 Gbps TAA Fabric / MPU, JD193A HP 384 Gbps A7500 Fab Mod w/2 XFP Ports, JD193B HP 7500 384Gbps Fab Mod w/2 XFP Ports, JD194A HP 384 Gbps Fabric A7500 Module, JD194B HP 7500 384Gbps Fabric Module, JD195A HP 7500 384Gbps Advanced Fabric Module, JD196A HP 7502 Fabric Module, JD220A HP 7500 768Gbps Fabric Module, JD238A HP A7510 Switch Chassis, JD238B HP 7510 Switch Chassis, JD239A HP A7506 Switch Chassis, JD239B HP 7506 Switch Chassis, JD240A HP A7503 Switch Chassis, JD240B HP 7503 Switch Chassis, JD241A HP A7506 Vertical Switch Chassis, JD241B HP 7506-V Switch Chassis, JD242A HP A7502 Switch Chassis, JD242B HP 7502 Switch Chassis, JD243A HP A7503 Switch Chassis w/1 Fabric Slot, JD243B HP 7503-S Switch Chassis w/1 Fabric Slot H3C S7502E Ethernet Switch Chassis with Fan (0235A0G4), H3C S7503E Ethernet Switch Chassis with Fan (0235A0G2), H3C S7503E-S Ethernet Switch Chassis with Fan (0235A0G5), H3C S7506E Ethernet Switch Chassis with Fan (0235A0G1), H3C S7506E-V Ethernet Switch Chassis with Fan (0235A0G3), H3C S7510E Ethernet Switch Chassis with Fan (0235A0G0), H3C S7502E Chassis w/ fans (0235A29A), H3C S7503E Chassis w/ fans (0235A27R), H3C S7503E-S Chassis w/ fans (0235A33R), H3C S7506E Chassis w/ fans (0235A27Q), H3C S7506E-V Chassis w/ fans (0235A27S) N/A HSR6800 Fix in Progress, Use Mitigation JG361A HP HSR6802 Router Chassis, JG362A HP HSR6804 Router Chassis, JG363A HP HSR6808 Router Chassis, JG364A HP HSR6800 RSE-X2 Router MPU, JG779A HP HSR6800 RSE-X2 Router TAA MPU N/A N/A HSR6800 Russian Version Fix in Progress, Use Mitigation JG361A HP HSR6802 Router Chassis, JG362A HP HSR6804 Router Chassis, JG363A HP HSR6808 Router Chassis, JG364A HP HSR6800 RSE-X2 Router MPU, JG779A HP HSR6800 RSE-X2 Router TAA MPU N/A N/A HSR6602 Fix in Progress, Use Mitigation JG353A HP HSR6602-G Router, JG354A HP HSR6602-XG Router, JG776A HP HSR6602-G TAA Router, JG777A HP HSR6602-XG TAA Router, JG777A HP HSR6602-XG TAA Router N/A N/A HSR6602 Russian Version Fix in Progress, Use Mitigation JG353A HP HSR6602-G Router, JG354A HP HSR6602-XG Router, JG776A HP HSR6602-G TAA Router, JG777A HP HSR6602-XG TAA Router N/A N/A 6602 Fix in Progress, Use Mitigation JC176A HP 6602 Router Chassis H3C SR6602 1U Router Host (0235A27D) N/A 6602 Russian Version Fix in Progress, Use Mitigation JC176A HP 6602 Router Chassis H3C SR6602 1U Router Host (0235A27D) N/A A6600 Fix in Progress, Use Mitigation JC165A HP 6600 RPE-X1 Router Module, JC177A HP 6608 Router, JC177B HP A6608 Router Chassis, JC178A HP 6604 Router Chassis, JC178B HP A6604 Router Chassis, JC496A HP 6616 Router Chassis, JC566A HP A6600 RSE-X1 Main Processing Unit, JG780A HP 6600 RSE-X1 Router TAA MPU H3C RT-SR66-RPE-X1-H3 (0231A761), H3C RT-SR6608-OVS-H3 (0235A32X), H3C RT-SR6604-OVS-H3 (0235A37X), H3C SR6616 Router Chassis (0235A41D) N/A A6600 Russian Version Fix in Progress, Use Mitigation JC165A HP 6600 RPE-X1 Router Module, JC177A HP 6608 Router, JC177B HP A6608 Router Chassis, JC178A HP 6604 Router Chassis, JC178B HP A6604 Router Chassis, JC496A HP 6616 Router Chassis, JC566A HP A6600 RSE-X1 Main Processing Unit, JG780A HP 6600 RSE-X1 Router TAA MPU H3C RT-SR66-RPE-X1-H3 (0231A761), H3C RT-SR6608-OVS-H3 (0235A32X), H3C RT-SR6604-OVS-H3 (0235A37X), H3C SR6616 Router Chassis (0235A41D) N/A 6600 MCP Fix in Progress, Use Mitigation JC177A HP 6608 Router, JC177B HP A6608 Router Chassis, JC178A HP 6604 Router Chassis, JC178B HP A6604 Router Chassis, JC496A HP 6616 Router Chassis, JG778A HP 6600 MCP-X2 Router TAA MPU. JG355A HP 6600 MCP-X1 Router MPU, JG356A HP 6600 MCP-X2 Router MPU H3C RT-SR6608-OVS-H3 (0235A32X), H3C RT-SR6604-OVS-H3 (0235A37X), H3C SR6616 Router Chassis (0235A41D) N/A 6600 MCP Russian Version Fix in Progress, Use Mitigation JC177A HP 6608 Router, JC177B HP A6608 Router Chassis, JC178A HP 6604 Router Chassis, JC178B HP A6604 Router Chassis, JC496A HP 6616 Router Chassis, JG355A HP 6600 MCP-X1 Router MPU, JG356A HP 6600 MCP-X2 Router MPU, JG776A HP HSR6602-G TAA Router, JG777A HP HSR6602-XG TAA Router, JG778A HP 6600 MCP-X2 Router TAA MPU, H3C RT-SR6608-OVS-H3 (0235A32X), H3C RT-SR6604-OVS-H3 (0235A37X), H3C SR6616 Router Chassis (0235A41D) N/A 5920 Switch Series Fix in Progress, Use Mitigation JG296A HP 5920AF-24XG Switch, JG555A HP 5920AF-24XG TAA Switch N/A N/A 5900 Switch Series Fix in Progress, Use Mitigation JC772A HP 5900AF-48XG-4QSFP+ Switch, JG336A HP 5900AF-48XGT-4QSFP+ Switch, JG510A HP 5900AF-48G-4XG-2QSFP+ Switch, JG554A HP 5900AF-48XG-4QSFP+ TAA Switch, JG838A HP FF 5900CP-48XG-4QSFP+ Switch N/A N/A 5830 Switch Series Fix in Progress, Use Mitigation JC691A HP A5830AF-48G Switch w/1 Interface Slot, JC694A HP A5830AF-96G Switch, JG316A HP 5830AF-48G TAA Switch w/1 Intf Slot, JG374A HP 5830AF-96G TAA Switch N/A N/A 5820 Switch Series Fix in Progress, Use Mitigation JC102A HP 5820-24XG-SFP+ Switch, JC106A HP 5820-14XG-SFP+ Switch with 2 Slots, JG219A HP 5820AF-24XG Switch, JG243A HP 5820-24XG-SFP+ TAA-compliant Switch, JG259A HP 5820X-14XG-SFP+ TAA Switch w 2 Slots H3C S5820X-28C 14 port (SFP Plus ) Plus 4-port BT (RJ45) Plus 2 media modules Plus OSM (0235A37L), H3C S5820X-28S 24-port 10GBASE-X (SFP Plus ) Plus 4-port 10/100/1000BASE-T (RJ45) (0235A370) N/A 5800 Switch Series Fix in Progress, Use Mitigation JC099A HP 5800-24G-PoE Switch, JC100A HP 5800-24G Switch, JC101A HP 5800-48G Switch with 2 Slots, JC103A HP 5800-24G-SFP Switch, JC104A HP 5800-48G-PoE Switch, JC105A HP 5800-48G Switch, JG225A HP 5800AF-48G Switch, JG242A HP 5800-48G-PoE+ TAA Switch w 2 Slots, JG254A HP 5800-24G-PoE+ TAA-compliant Switch, JG255A HP 5800-24G TAA-compliant Switch, JG256A HP 5800-24G-SFP TAA Switch w 1 Intf Slt, JG257A HP 5800-48G-PoE+ TAA Switch with 1 Slot, JG258A HP 5800-48G TAA Switch w 1 Intf Slot H3C S5800-32C - 24-port 1BT Plus 4-port (SFP Plus ) Plus 1 media slot (0235A36U), H3C S5800-32C-PWR - 24-port 10/100/1000BASE-T (RJ45) Plus 4-port 10GBASE-X (SFP Plus ) Plus 1 media module PoE (0235A36S), H3C S5800-32F 24-port 1000BASE-X (SFP) Plus 4-port 10GBASE-X (SFP Plus ) Plus media module (no power) (0235A374), H3C S5800-56C 48-port 10/100/1000BASE-T (RJ45) Plus 4port 10GBASE-X (SFP Plus ) Plus media module (0235A379), H3C S5800-56C-PWR 48-port BT Plus 4 port (SFP Plus ) Plus media module (0235A378), H3C S5800-60C-PWR 48-port BT Plus 4-port SFP Plus 2 media modules Plus OSM (0235A36W) N/A 5500 HI Switch Series R5501P06 JG311A HP HI 5500-24G-4SFP w/2 Intf Slts Switch, JG312A HP HI 5500-48G-4SFP w/2 Intf Slts Switch, JG541A HP 5500-24G-PoE+-4SFP HI Switch w/2 Slt, JG542A HP 5500-48G-PoE+-4SFP HI Switch w/2 Slt, JG543A HP 5500-24G-SFP HI Switch w/2 Intf Slt, JG679A HP 5500-24G-PoE+-4SFP HI TAA Swch w/2Slt, JG680A HP 5500-48G-PoE+-4SFP HI TAA Swch w/2Slt, JG681A HP 5500-24G-SFP HI TAA Swch w/2Slt N/A N/A 5500 EI Switch Series R2221P08 JD373A HP 5500-24G DC EI Switch, JD374A HP 5500-24G-SFP EI Switch, JD375A HP 5500-48G EI Switch, JD376A HP 5500-48G-PoE EI Switch, JD377A HP 5500-24G EI Switch, JD378A HP 5500-24G-PoE EI Switch, JD379A HP 5500-24G-SFP DC EI Switch, JG240A HP 5500-48G-PoE+ EI Switch w/2 Intf Slts, JG241A HP 5500-24G-PoE+ EI Switch w/2 Intf Slts, JG249A HP 5500-24G-SFP EI TAA Switch w 2 Slts, JG250A HP 5500-24G EI TAA Switch w 2 Intf Slts, JG251A HP 5500-48G EI TAA Switch w 2 Intf Slts, JG252A HP 5500-24G-PoE+ EI TAA Switch w/2 Slts, JG253A HP 5500-48G-PoE+ EI TAA Switch w/2 Slts H3C S5500-28C-EI Ethernet Switch (0235A253), H3C S5500-28F-EI Eth Switch AC Single (0235A24U), H3C S5500-52C-EI Ethernet Switch (0235A24X), H3C S5500-28C-EI-DC Ethernet Switch (0235A24S), H3C S5500-28C-PWR-EI Ethernet Switch (0235A255), H3C S5500-28F-EI Eth Swtch DC Single Pwr (0235A259), H3C S5500-52C-PWR-EI Ethernet Switch (0235A251) N/A 5500 SI Switch Series R2221P08 JD369A HP 5500-24G SI Switch, JD370A HP 5500-48G SI Switch, JD371A HP 5500-24G-PoE SI Switch, JD372A HP 5500-48G-PoE SI Switch, JG238A HP 5500-24G-PoE+ SI Switch w/2 Intf Slts, JG239A HP 5500-48G-PoE+ SI Switch w/2 Intf Slts H3C S5500-28C-SI Ethernet Switch (0235A04U), H3C S5500-52C-SI Ethernet Switch (0235A04V), H3C S5500-28C-PWR-SI Ethernet Switch (0235A05H), H3C S5500-52C-PWR-SI Ethernet Switch (0235A05J) N/A 5130 EI switch Series Fix in Progress, Use Mitigation JG932A HP 5130-24G-4SFP+ EI Switch, JG933A HP 5130-24G-SFP-4SFP+ EI Switch, JG934A HP 5130-48G-4SFP+ EI Switch, JG936A HP 5130-24G-PoE+-4SFP+ EI Swch, JG937A HP 5130-48G-PoE+-4SFP+ EI Swch, JG975A HP 5130-24G-4SFP+ EI BR Switch, JG976A HP 5130-48G-4SFP+ EI BR Switch, JG977A HP 5130-24G-PoE+-4SFP+ EI BR Swch, JG978A HP 5130-48G-PoE+-4SFP+ EI BR Swch 5120 EI Switch Series R2221P08 JE066A HP 5120-24G EI Switch, JE067A HP 5120-48G EI Switch, JE068A HP 5120-24G EI Switch with 2 Slots, JE069A HP 5120-48G EI Switch with 2 Slots, JE070A HP 5120-24G-PoE EI Switch with 2 Slots, JE071A HP 5120-48G-PoE EI Switch with 2 Slots, JG236A HP 5120-24G-PoE+ EI Switch w/2 Intf Slts, JG237A HP 5120-48G-PoE+ EI Switch w/2 Intf Slts, JG245A HP 5120-24G EI TAA Switch w 2 Intf Slts, JG246A HP 5120-48G EI TAA Switch w 2 Intf Slts, JG247A HP 5120-24G-PoE+ EI TAA Switch w 2 Slts, JG248A HP 5120-48G-PoE+ EI TAA Switch w 2 Slts H3C S5120-24P-EI 24GE Plus 4ComboSFP (0235A0BQ), H3C S5120-28C-EI 24GE Plus 4Combo Plus 2Slt (0235A0BS), H3C S5120-48P-EI 48GE Plus 4ComboSFP (0235A0BR), H3C S5120-52C-EI 48GE Plus 4Combo Plus 2Slt (0235A0BT), H3C S5120-28C-PWR-EI 24G Plus 4C Plus 2S Plus POE (0235A0BU), H3C S5120-52C-PWR-EI 48G Plus 4C Plus 2S Plus POE (0235A0BV) 5120 SI switch Series Fix in Progress, Use Mitigation JE072A HP 5120-48G SI Switch, JE073A HP 5120-16G SI Switch, JE074A HP 5120-24G SI Switch, JG091A HP 5120-24G-PoE+ (370W) SI Switch, JG092A HP 5120-24G-PoE+ (170W) SI Switch H3C S5120-52P-SI 48GE Plus 4 SFP (0235A41W), H3C S5120-20P-SI L2, 16GE Plus 4SFP (0235A42B), H3C S5120-28P-SI 24GE Plus 4 SFP (0235A42D), H3C S5120-28P-HPWR-SI (0235A0E5), H3C S5120-28P-PWR-SI (0235A0E3) 4800 G Switch Series R2221P08 JD007A HP 4800-24G Switch, JD008A HP 4800-24G-PoE Switch, JD009A HP 4800-24G-SFP Switch, JD010A HP 4800-48G Switch, JD011A HP 4800-48G-PoE Switch N/A 3Com Switch 4800G 24-Port (3CRS48G-24-91), 3Com Switch 4800G 24-Port SFP (3CRS48G-24S-91), 3Com Switch 4800G 48-Port (3CRS48G-48-91), 3Com Switch 4800G PWR 24-Port (3CRS48G-24P-91), 3Com Switch 4800G PWR 48-Port (3CRS48G-48P-91) 4510G Switch Series R2221P08 JF428A HP 4510-48G Switch, JF847A HP 4510-24G Switch N/A 3Com Switch 4510G 48 Port (3CRS45G-48-91), 3Com Switch 4510G PWR 24-Port (3CRS45G-24P-91), 3Com Switch E4510-24G (3CRS45G-24-91) 4210G Switch Series R2221P08 JF844A HP 4210-24G Switch, JF845A HP 4210-48G Switch, JF846A HP 4210-24G-PoE Switch N/A 3Com Switch 4210-24G (3CRS42G-24-91), 3Com Switch 4210-48G (3CRS42G-48-91), 3Com Switch E4210-24G-PoE (3CRS42G-24P-91) 3610 Switch Series Fix in Progress, Use Mitigation JD335A HP 3610-48 Switch, JD336A HP 3610-24-4G-SFP Switch, JD337A HP 3610-24-2G-2G-SFP Switch, JD338A HP 3610-24-SFP Switch H3C S3610-52P - model LS-3610-52P-OVS (0235A22C), H3C S3610-28P - model LS-3610-28P-OVS (0235A22D), H3C S3610-28TP - model LS-3610-28TP-OVS (0235A22E), H3C S3610-28F - model LS-3610-28F-OVS (0235A22F) N/A 3600 V2 Switch Series R2110P03 JG299A HP 3600-24 v2 EI Switch, JG300A HP 3600-48 v2 EI Switch, JG301A HP 3600-24-PoE+ v2 EI Switch, JG301B HP 3600-24-PoE+ v2 EI Switch, JG302A HP 3600-48-PoE+ v2 EI Switch, JG302B HP 3600-48-PoE+ v2 EI Switch, JG303A HP 3600-24-SFP v2 EI Switch, JG304A HP 3600-24 v2 SI Switch, JG305A HP 3600-48 v2 SI Switch, JG306A HP 3600-24-PoE+ v2 SI Switch, JG306B HP 3600-24-PoE+ v2 SI Switch, JG307A HP 3600-48-PoE+ v2 SI Switch, JG307B HP 3600-48-PoE+ v2 SI Switch N/A N/A 3100V2 R5203P11 JD313B HP 3100-24-PoE v2 EI Switch, JD318B HP 3100-8 v2 EI Switch, JD319B HP 3100-16 v2 EI Switch, JD320B HP 3100-24 v2 EI Switch, JG221A HP 3100-8 v2 SI Switch, JG222A HP 3100-16 v2 SI Switch, JG223A HP 3100-24 v2 SI Switch N/A N/A 3100V2-48 R2110P03 JG315A HP 3100-48 v2 Switch N/A N/A 1920 Fix in Progress, Use Mitigation JG920A HP 1920-8G Switch, JG921A HP 1920-8G-PoE+ (65W) Switch, JG922A HP 1920-8G-PoE+ (180W) Switch, JG923A HP 1920-16G Switch, JG924A HP 1920-24G Switch, JG925A HP 1920-24G-PoE+ (180W) Switch, JG926A HP 1920-24G-PoE+ (370W) Switch, JG927A HP 1920-48G Switch 1910 R11 Fix in Progress, Use Mitigation JG536A HP 1910-8 Switch, JG537A HP 1910-8 -PoE+ Switch, JG538A HP 1910-24 Switch, JG539A HP 1910-24-PoE+ Switch, JG540A HP 1910-48 Switch N/A N/A 1910 R15 Fix in Progress, Use Mitigation JE005A HP 1910-16G Switch, JE006A HP 1910-24G Switch, JE007A HP 1910-24G-PoE (365W) Switch, JE008A HP 1910-24G-PoE(170W) Switch, JE009A HP 1910-48G Switch, JG348A HP 1910-8G Switch, JG349A HP 1910-8G-PoE+ (65W) Switch, JG350A HP 1910-8G-PoE+ (180W) Switch N/A N/A 1620 Fix in Progress, Use Mitigation JG912A HP 1620-8G Switch, JG913A HP 1620-24G Switch, JG914A HP 1620-48G Switch N/A N/A MSR20-1X Fix in Progress, Use Mitigation JD431A HP MSR20-10 Router, JD667A HP MSR20-15 IW Multi-Service Router, JD668A HP MSR20-13 Multi-Service Router, JD669A HP MSR20-13 W Multi-Service Router, JD670A HP MSR20-15 A Multi-Service Router, JD671A HP MSR20-15 AW Multi-Service Router, JD672A HP MSR20-15 I Multi-Service Router, JD673A HP MSR20-11 Multi-Service Router, JD674A HP MSR20-12 Multi-Service Router, JD675A HP MSR20-12 W Multi-Service Router, JD676A HP MSR20-12 T1 Multi-Service Router, JF236A HP MSR20-15-I Router,JF237A HP MSR20-15-A Router, JF238A HP MSR20-15-I-W Router,JF239A HP MSR20-11 Router, JF240A HP MSR20-13 Router,JF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router,JF807A HP MSR20-12-W Router, JF808A HP MSR20-13-W Router,JF809A HP MSR20-15-A-W Router, JF817A HP MSR20-15 Router,JG209A HP MSR20-12-T-W Router (NA), JG210A HP MSR20-13-W Router (NA) H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8), H3C MSR 20-10 (0235A0A7),H3C RT-MSR2011-AC-OVS-H3 (0235A395), H3C RT-MSR2012-AC-OVS-H3 (0235A396),H3C RT-MSR2012-AC-OVS-W-H3 (0235A397), H3C RT-MSR2012-T-AC-OVS-H3 (0235A398),H3C RT-MSR2013-AC-OVS-H3 (0235A390), H3C RT-MSR2013-AC-OVS-W-H3 (0235A391),H3C RT-MSR2015-AC-OVS-A-H3 (0235A392), H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393),H3C RT-MSR2015-AC-OVS-I-H3 (0235A394), H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V),H3C MSR 20-11 (0235A31V), H3C MSR 20-12 (0235A32E),H3C MSR 20-12 T1 (0235A32B),H3C MSR 20-13 (0235A31W) , H3C MSR 20-13 W (0235A31X),H3C MSR 20-15 A (0235A31Q), H3C MSR 20-15 A W (0235A31R),H3C MSR 20-15 I (0235A31N), H3C MSR 20-15 IW (0235A31P),H3C MSR20-12 W (0235A32G) N/A MSR30 Fix in Progress, Use Mitigation JD654A HP MSR30-60 POE Multi-Service Router, JD657A HP MSR30-40 Multi-Service Router, JD658A HP MSR30-60 Multi-Service Router, JD660A HP MSR30-20 POE Multi-Service Router, JD661A HP MSR30-40 POE Multi-Service Router, JD666A HP MSR30-20 Multi-Service Router, JF229A HP MSR30-40 Router,JF230A HP MSR30-60 Router, JF232A HP RT-MSR3040-AC-OVS-AS-H3, JF235A HP MSR30-20 DC Router,JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC Router,JF801A HP MSR30-60 DC Router, JF802A HP MSR30-20 PoE Router,JF803A HP MSR30-40 PoE Router, JF804A HP MSR30-60 PoE Router H3C MSR 30-20 Router (0235A328),H3C MSR 30-40 Router Host(DC) (0235A268), H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322),H3C RT-MSR3020-DC-OVS-H3 (0235A267), H3C RT-MSR3040-AC-OVS-H (0235A299),H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323), H3C RT-MSR3060-AC-OVS-H3 (0235A320),H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296), H3C RT-MSR3060-DC-OVS-H3 (0235A269),H3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S), H3C MSR 30-20 (0235A19L),H3C MSR 30-20 POE (0235A239), H3C MSR 30-40 (0235A20J),H3C MSR 30-40 POE (0235A25R), H3C MSR 30-60 (0235A20K),H3C MSR 30-60 POE (0235A25S), H3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V) N/A MSR30-16 Fix in Progress, Use Mitigation JD659A HP MSR30-16 POE Multi-Service Router, JD665A HP MSR30-16 Multi-Service Router, JF233A HP MSR30-16 Router, JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327), H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321), H3C MSR 30-16 (0235A237), H3C MSR 30-16 POE (0235A238) N/A MSR30-1X Fix in Progress, Use Mitigation JF800A HP MSR30-11 Router, JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr, JG182A HP MSR30-11E Router, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC Router H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H), H3C RT-MSR3011-AC-OVS-H3 (0235A29L) N/A MSR50 Fix in Progress, Use Mitigation JD433A HP MSR50-40 Router, JD653A HP MSR50 Processor Module, JD655A HP MSR50-40 Multi-Service Router, JD656A HP MSR50-60 Multi-Service Router, JF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297), H3C MSR5040-DC-OVS-H3C (0235A20P), H3C RT-MSR5060-AC-OVS-H3 (0235A298), H3C MSR 50-40 Chassis (0235A20N), H3C MSR 50-60 Chassis (0235A20L) N/A MSR50-G2 Fix in Progress, Use Mitigation JD429A HP MSR50 G2 Processor Module, JD429B HP MSR50 G2 Processor Module H3C H3C MSR 50 Processor Module-G2 (0231A84Q), H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD(0231A0KL) N/A MSR20 Russian version Fix in Progress, Use Mitigation JD663B HP MSR20-21 Router, JF228A HP MSR20-40 Router, JF283A HP MSR20-20 Router H3C RT-MSR2020-AC-OVS-H3C (0235A324), H3C RT-MSR2040-AC-OVS-H3 (0235A326) N/A MSR20-1X Russian version Fix in Progress, Use Mitigation JD431A HP MSR20-10 Router, JF236A HP MSR20-15-I Router, JF237A HP MSR20-15-A Router, JF238A HP MSR20-15-I-W Router, JF239A HP MSR20-11 Router, JF240A HP MSR20-13 Router, JF241A HP MSR20-12 Router, JF806A HP MSR20-12-T Router, JF807A HP MSR20-12-W Router, JF808A HP MSR20-13-W Router, JF809A HP MSR20-15-A-W Router, JF817A HP MSR20-15 Router H3C MSR 20-10 (0235A0A7), H3C RT-MSR2015-AC-OVS-I-H3 (0235A394), H3C RT-MSR2015-AC-OVS-A-H3 (0235A392), H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393), H3C RT-MSR2011-AC-OVS-H3 (0235A395),H3C RT-MSR2013-AC-OVS-H3 (0235A390), H3C RT-MSR2012-AC-OVS-H3 (0235A396), H3C RT-MSR2012-T-AC-OVS-H3 (0235A398), H3C RT-MSR2012-AC-OVS-W-H3 (0235A397), H3C RT-MSR2013-AC-OVS-W-H3 (0235A391), H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V), H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8) N/A MSR30 Russian version Fix in Progress, Use Mitigation JF229A HP MSR30-40 Router, JF230A HP MSR30-60 Router, JF235A HP MSR30-20 DC Router, JF284A HP MSR30-20 Router, JF287A HP MSR30-40 DC Router, JF801A HP MSR30-60 DC Router, JF802A HP MSR30-20 PoE Router, JF803A HP MSR30-40 PoE Router, JF804A HP MSR30-60 PoE Router H3C RT-MSR3040-AC-OVS-H (0235A299), H3C RT-MSR3060-AC-OVS-H3 (0235A320), H3C RT-MSR3020-DC-OVS-H3 (0235A267), H3C MSR 30-20 Router (0235A328), H3C MSR 30-40 Router Host(DC) (0235A268), H3C RT-MSR3060-DC-OVS-H3 (0235A269), H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322), H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323), H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296) N/A MSR30-16 Russian version Fix in Progress, Use Mitigation JF233A HP MSR30-16 Router, JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327), H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321) N/A MSR30-1X Russian version Fix in Progress, Use Mitigation JF800A HP MSR30-11 Router, JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr, JG182A HP MSR30-11E Router, JG183A HP MSR30-11F Router, JG184A HP MSR30-10 DC Router H3C RT-MSR3011-AC-OVS-H3 (0235A29L), H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H) N/A MSR50 Russian version Fix in Progress, Use Mitigation JD433A HP MSR50-40 Router, JD653A HP MSR50 Processor Module, JD655A HP MSR50-40 Multi-Service Router, JD656A HP MSR50-60 Multi-Service Router, JF231A HP MSR50-60 Router, JF285A HP MSR50-40 DC Router, JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297), H3C MSR 50 Processor Module (0231A791), H3C MSR 50-40 Chassis (0235A20N), H3C MSR 50-60 Chassis (0235A20L), H3C RT-MSR5060-AC-OVS-H3 (0235A298), H3C MSR5040-DC-OVS-H3C (0235A20P) N/A MSR50 G2 Russian version Fix in Progress, Use Mitigation JD429B HP MSR50 G2 Processor Module H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD (0231A0KL) N/A MSR9XX Fix in Progress, Use Mitigation JF812A HP MSR900 Router, JF813A HP MSR920 Router, JF814A HP MSR900-W Router, JF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr, JG207A HP MSR900-W Router (NA), JG208A HP MSR920-W Router (NA) H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b (0235A0C2), H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX), H3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4), H3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0) N/A MSR93X Fix in Progress, Use Mitigation JG512A HP MSR930 Wireless Router , JG513A HP MSR930 3G Router, JG514A HP MSR931 Router, JG515A HP MSR931 3G Router, JG516A HP MSR933 Router, JG517A HP MSR933 3G Router, JG518A HP MSR935 Router, JG519A HP MSR935 Wireless Router, JG520A HP MSR935 3G Router, JG531A HP MSR931 Dual 3G Router, JG596A HP MSR930 4G LTE/3G CDMA Router, JG597A HP MSR936 Wireless Router, JG665A HP MSR930 4G LTE/3G WCDMA Global Router, JG704A HP MSR930 4G LTE/3G WCDMA ATT Router N/A N/A MSR1000 Fix in Progress, Use Mitigation JG732A HP MSR1003-8 AC Router N/A N/A MSR1000 Russian version Fix in Progress, Use Mitigation JG732A HP MSR1003-8 AC Router N/A N/A MSR2000 Fix in Progress, Use Mitigation JG411A HP MSR2003 AC Router N/A N/A MSR3000 Fix in Progress, Use Mitigation JG404A HP MSR3064 Router, JG405A HP MSR3044 Router, JG406A HP MSR3024 AC Router, JG409A HP MSR3012 AC Router, JG861A HP MSR3024 TAA-compliant AC Router N/A N/A MSR4000 Fix in Progress, Use Mitigation JG402A HP MSR4080 Router Chassis, JG403A HP MSR4060 Router Chassis, JG412A HP MSR4000 MPU-100 Main Processing Unit N/A N/A F5000 Fix in Progress, Use Mitigation JG216A HP F5000 Firewall Standalone Chassis, JD259A HP A5000-A5 VPN Firewall Chassis H3C SecPath F5000-A5 Host System (0150A0AG) N/A F5000 C R3811P03 JG650A HP F5000-C VPN Firewall Appliance N/A N/A F5000 S R3811P03 JG370A HP F5000-S VPN Firewall Appliance N/A N/A U200S and CS Fix in Progress, Use Mitigation JD268A HP 200-CS UTM Appliance, JD273A HP U200-S UTM Appliance H3C SecPath U200-S (0235A36N) N/A U200A and M Fix in Progress, Use Mitigation JD274A HP 200-M UTM Appliance, JD275A HP U200-A UTM Appliance H3C SecPath U200-A (0235A36Q) N/A SecBlade III R3820P03 JG371A HP 12500 20Gbps VPN Firewall Module, JG372A HP 10500/11900/7500 20Gbps VPN FW Mod N/A N/A SecBlade FW R3181P05 JC635A HP 12500 VPN Firewall Module, JD245A HP 9500 VPN Firewall Module, JD249A HP 10500/7500 Advanced VPN Firewall Mod, JD250A HP 6600 Firewall Processing Rtr Module, JD251A HP 8800 Firewall Processing Module, JD255A HP 5820 VPN Firewall Module H3C S9500E SecBlade VPN Firewall Module (0231A0AV), H3C S7500E SecBlade VPN Firewall Module (0231A832), H3C SR66 Gigabit Firewall Module (0231A88A), H3C SR88 Firewall Processing Module (0231A88L), H3C S5820 SecBlade VPN Firewall Module (0231A94J) N/A F1000E R3181P05 JD272A HP F1000-E VPN Firewall Appliance F1000-A R3734P06 JG214A HP F1000-A-EI VPN Firewall Appliance F1000-S R3734P06 JG213A HP F1000-S-EI VPN Firewall Appliance VSR1000 Fix in Progress, Use Mitigation JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software, JG811AAE HP VSR1001 Comware 7 Virtual Services Router, JG812AAE HP VSR1004 Comware 7 Virtual Services Router, JG813AAE HP VSR1008 Comware 7 Virtual Services Router N/A N/A WX5002/5004 Fix in Progress, Use Mitigation JD441A HP 5800 ACM for 64-256 APs, JD447B HP WX5002 Access Controller, JD448A HP A-WX5004 Access Controller, JD448B HP WX5004 Access Controller, JD469A HP A-WX5004 (3Com) Access Controller, JG261A HP 5800 Access Controller OAA TAA Mod N/A N/A HP 850/870 Fix in Progress, Use Mitigation JG723A HP 870 Unified Wired-WLAN Appliance, JG725A HP 870 Unifd Wrd-WLAN TAA Applnc, JG722A HP 850 Unified Wired-WLAN Appliance, JG724A HP 850 Unifd Wrd-WLAN TAA Applnc N/A N/A HP 830 Fix in Progress, Use Mitigation JG640A HP 830 24P PoE+ Unifd Wired-WLAN Swch, JG641A HP 830 8P PoE+ Unifd Wired-WLAN Swch, JG646A HP 830 24-Port PoE+ Wrd-WLAN TAA Switch, JG647A HP 830 8-Port PoE+ Wrd-WLAN TAA Switch N/A N/A HP 6000 Fix in Progress, Use Mitigation JG639A HP 10500/7500 20G Unified Wired-WLAN Mod, JG645A HP 10500/7500 20G Unifd Wrd-WLAN TAA Mod N/A N/A VCX Fix in Progress, Use Mitigation J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr, J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr, JC517A HP VCX V7205 Platform w/DL 360 G6 Server, JE355A HP VCX V6000 Branch Platform 9.0, JC516A HP VCX V7005 Platform w/DL 120 G6 Server, JC518A HP VCX Connect 200 Primry 120 G6 Server, J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr, JE341A HP VCX Connect 100 Secondary, JE252A HP VCX Connect Primary MIM Module, JE253A HP VCX Connect Secondary MIM Module, JE254A HP VCX Branch MIM Module, JE355A HP VCX V6000 Branch Platform 9.0, JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod, JD023A HP MSR30-40 Router with VCX MIM Module, JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM, JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod, JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod, JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod, JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS, JE340A HP VCX Connect 100 Pri Server 9.0, JE342A HP VCX Connect 100 Sec Server 9.0 N/A N/A HISTORY Version:1 (rev.1) - 18 February 2015 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy
VAR-201412-0612 CVE-2014-9296 NTP Project Network Time Protocol daemon (ntpd) contains multiple vulnerabilities (Updated) CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets. The NTP Project ntpd version 4.2.7 and pervious versions contain several vulnerabilities. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys. These vulnerabilities may affect ntpd acting as a server or client. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. http://cwe.mitre.org/data/definitions/17.htmlA third party can trigger unintentional association changes through crafted packets. Network Time Protocol is prone to an unspecified security vulnerability. Little is known about this issue or its effects at this time. We will update this BID as more information emerges. Network Time Protocol 4.2.7 is vulnerable; other versions may also be affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: ntp security update Advisory ID: RHSA-2015:0104-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0104.html Issue date: 2015-01-28 CVE Names: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 ===================================================================== 1. Summary: Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.5) - noarch, x86_64 Red Hat Enterprise Linux HPC Node EUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server EUS (v. 6.5) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.5) - i386, noarch, ppc64, s390x, x86_64 3. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit. (CVE-2014-9295) It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests. (CVE-2014-9293) It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keygen; the default installation does not contain such keys. (CVE-2014-9294) A missing return statement in the receive() function could potentially allow a remote attacker to bypass NTP's authentication mechanism. (CVE-2014-9296) All ntp users are advised to upgrade to this updated package, which contains backported patches to resolve these issues. After installing the update, the ntpd daemon will restart automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1176032 - CVE-2014-9293 ntp: automatic generation of weak default key in config_auth() 1176035 - CVE-2014-9294 ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys 1176037 - CVE-2014-9295 ntp: Multiple buffer overflows via specially-crafted packets 1176040 - CVE-2014-9296 ntp: receive() missing return on error 6. Package List: Red Hat Enterprise Linux HPC Node EUS (v. 6.5): Source: ntp-4.2.6p5-2.el6_5.src.rpm x86_64: ntp-4.2.6p5-2.el6_5.x86_64.rpm ntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm ntpdate-4.2.6p5-2.el6_5.x86_64.rpm Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.5): Source: ntp-4.2.6p5-2.el6_5.src.rpm noarch: ntp-doc-4.2.6p5-2.el6_5.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm ntp-perl-4.2.6p5-2.el6_5.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 6.5): Source: ntp-4.2.6p5-2.el6_5.src.rpm i386: ntp-4.2.6p5-2.el6_5.i686.rpm ntp-debuginfo-4.2.6p5-2.el6_5.i686.rpm ntpdate-4.2.6p5-2.el6_5.i686.rpm ppc64: ntp-4.2.6p5-2.el6_5.ppc64.rpm ntp-debuginfo-4.2.6p5-2.el6_5.ppc64.rpm ntpdate-4.2.6p5-2.el6_5.ppc64.rpm s390x: ntp-4.2.6p5-2.el6_5.s390x.rpm ntp-debuginfo-4.2.6p5-2.el6_5.s390x.rpm ntpdate-4.2.6p5-2.el6_5.s390x.rpm x86_64: ntp-4.2.6p5-2.el6_5.x86_64.rpm ntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm ntpdate-4.2.6p5-2.el6_5.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 6.5): Source: ntp-4.2.6p5-2.el6_5.src.rpm i386: ntp-debuginfo-4.2.6p5-2.el6_5.i686.rpm ntp-perl-4.2.6p5-2.el6_5.i686.rpm noarch: ntp-doc-4.2.6p5-2.el6_5.noarch.rpm ppc64: ntp-debuginfo-4.2.6p5-2.el6_5.ppc64.rpm ntp-perl-4.2.6p5-2.el6_5.ppc64.rpm s390x: ntp-debuginfo-4.2.6p5-2.el6_5.s390x.rpm ntp-perl-4.2.6p5-2.el6_5.s390x.rpm x86_64: ntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm ntp-perl-4.2.6p5-2.el6_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-9293 https://access.redhat.com/security/cve/CVE-2014-9294 https://access.redhat.com/security/cve/CVE-2014-9295 https://access.redhat.com/security/cve/CVE-2014-9296 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUyTXWXlSAg2UNWIIRAsXzAKCilJuJeeWLOABs1xY+ueRvRTSpWACcDhoC YQlhn66RRMYQCWymo1OCUoI= =4Rft -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Release Date: 2015-02-18 Last Updated: 2015-02-18 Potential Security Impact: Remote execution of code, Denial of Service (DoS), or other vulnerabilities Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running NTP. These could be exploited remotely to execute code, create a Denial of Service (DoS), or other vulnerabilities. References: CVE-2014-9293 - Insufficient Entropy in Pseudo-Random Number Generator (PRNG) (CWE-332) CVE-2014-9294 - Use of Cryptographically Weak PRNG (CWE-338) CVE-2014-9295 - Stack Buffer Overflow (CWE-121) CVE-2014-9296 - Error Conditions, Return Values, Status Codes (CWE-389) CVE-2014-9297 - Improper Check for Unusual or Exceptional Conditions (CWE-754) SSRT101872 VU#852879 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.31 running NTP version C.4.2.6.4.0 or previous HP-UX B.11.23 running XNTP version 3.5 or previous BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2014-9293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9294 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9295 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-9296 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-9297 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following patch for HP-UX B.11.31. A workaround for HP-UX B.11.23 and B.11.11 to temporarily resolve these vulnerabilities follows below. The B.11.31 patch is available from: ftp://ntp42650:Secure12@h2.usa.hp.com or https://h20392.www2.hp.com/portal/sw depot/displayProductInfo.do?productNumber=HPUX-NTP Mitigation steps for HP-UX B.11.23 and B.11.11 for CVE-2014-9295 Restrict query for server status (Time Service is not affected) from ntpq/ntpdc by enabling .noquery. using the restrict command in /etc/ntp.conf file. Reference: http://support.ntp.org/bin/view/Main/SecurityNotice NOTE: This bulletin will be revised when patches for XNTP v3.5 on B.11.23 and B.11.11 become available. MANUAL ACTIONS: No PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.31 ================== NTP.INETSVCS2-BOOT NTP.NTP-AUX NTP.NTP-RUN action: install revision C.4.2.6.5.0 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 18 February 2015 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. The two patches are available from the HP Support Center (HPSC). Reference: http://support.ntp.org/bin/view/Main/SecurityNotice MANUAL ACTIONS: Yes - Update If patch installation on B.11.11 or B.11.23 is not possible, mitigate with step above. On December 19, 2014, NTP.org and US-CERT released security advisories detailing two issues regarding weak cryptographic pseudorandom number generation (PRNG), three buffer overflow vulnerabilities, and an unhandled error condition with an unknown impact. Cisco will release free software updates that address these vulnerabilities. The resulting buffer overflows may be exploited to allow arbitrary malicious code to be executed with the privilege of the ntpd process (CVE-2014-9295). A section of code in ntpd handling a rare error is missing a return statement, therefore processing did not stop when the error was encountered. This situation may be exploitable by an attacker (CVE-2014-9296). Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in ntp_crypto.c, which could lead to information leakage or denial of service (CVE-2014-9297). Stephen Roettger of the Google Security Team reported that ACLs based on IPv6 ::1 (localhost) addresses can be bypassed (CVE-2014-9298). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9297 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9298 http://advisories.mageia.org/MGASA-2014-0541.html http://advisories.mageia.org/MGASA-2015-0063.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 2/X86_64: 8f7d14b95c55bd1de7230cff0c8ea9d7 mbs2/x86_64/ntp-4.2.6p5-16.1.mbs2.x86_64.rpm 09063ab11459b1f935809b37c742ff12 mbs2/x86_64/ntp-client-4.2.6p5-16.1.mbs2.x86_64.rpm 7a0d0eca35911d9f15b76b474c5512cf mbs2/x86_64/ntp-doc-4.2.6p5-16.1.mbs2.noarch.rpm cb0371050702950084ff633ea45c2c5c mbs2/SRPMS/ntp-4.2.6p5-16.1.mbs2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFVF9K3mqjQ0CJFipgRAn26AJwInkxLvDh/Gbb3uYRz9IjuaSK8+ACgiM1Z rou2syvF1hyhVhxh7M5sv3c= =uncU -----END PGP SIGNATURE----- . Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8-i486-1_slack14.1.txz: Upgraded. In addition to bug fixes and enhancements, this release fixes several high-severity vulnerabilities discovered by Neel Mehta and Stephen Roettger of the Google Security Team. For more information, see: https://www.kb.cert.org/vuls/id/852879 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ntp-4.2.8-i486-1_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/ntp-4.2.8-x86_64-1_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ntp-4.2.8-i486-1_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ntp-4.2.8-x86_64-1_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ntp-4.2.8-i486-1_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ntp-4.2.8-x86_64-1_slack13.37.txz Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ntp-4.2.8-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ntp-4.2.8-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ntp-4.2.8-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ntp-4.2.8-x86_64-1_slack14.1.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/ntp-4.2.8-i486-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/ntp-4.2.8-x86_64-1.txz MD5 signatures: +-------------+ Slackware 13.0 package: 18d7f09e90cf2434f59d7e9f11478fba ntp-4.2.8-i486-1_slack13.0.txz Slackware x86_64 13.0 package: edd178e3d2636433dd18f52331af17a5 ntp-4.2.8-x86_64-1_slack13.0.txz Slackware 13.1 package: 4b6da6fa564b1fe00920d402ff97bd43 ntp-4.2.8-i486-1_slack13.1.txz Slackware x86_64 13.1 package: 292ae7dbd3ea593c5e28cbba7c2b71fa ntp-4.2.8-x86_64-1_slack13.1.txz Slackware 13.37 package: 294b8197d360f9a3cf8186619b60b73c ntp-4.2.8-i486-1_slack13.37.txz Slackware x86_64 13.37 package: 7cd5b63f8371b1cc369bc56e4b4efd5a ntp-4.2.8-x86_64-1_slack13.37.txz Slackware 14.0 package: 32eab67538c33e4669bda9200799a497 ntp-4.2.8-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 33ecf4845fa8533a12a98879815bde08 ntp-4.2.8-x86_64-1_slack14.0.txz Slackware 14.1 package: f2b45a45c846a909ae201176ce359939 ntp-4.2.8-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 12d7ab6e2541af4d1282621d3773e7f7 ntp-4.2.8-x86_64-1_slack14.1.txz Slackware -current package: 5b2150cee9840d8bb547098cccde879a n/ntp-4.2.8-i486-1.txz Slackware x86_64 -current package: 9ce09c5d6a60d3e2117988e4551e4af1 n/ntp-4.2.8-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg ntp-4.2.8-i486-1_slack14.1.txz Then, restart the NTP daemon: # sh /etc/rc.d/rc.ntpd restart +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. ============================================================================ Ubuntu Security Notice USN-2449-1 December 22, 2014 ntp vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: Several security issues were fixed in NTP. The default compiler options for affected releases should reduce the vulnerability to a denial of service. In addition, attackers would be isolated by the NTP AppArmor profile. (CVE-2014-9295) Stephen Roettger discovered that NTP incorrectly continued processing when handling certain errors. (CVE-2014-9296) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.10.1 Ubuntu 14.04 LTS: ntp 1:4.2.6.p5+dfsg-3ubuntu2.14.04.1 Ubuntu 12.04 LTS: ntp 1:4.2.6.p3+dfsg-1ubuntu3.2 Ubuntu 10.04 LTS: ntp 1:4.2.4p8+dfsg-1ubuntu2.2 After a standard system update you need to regenerate any MD5 keys that were manually created with ntp-keygen. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2015 Hewlett-Packard Development Company, L.P