JunOS Local Security Checks : Juniper Networks Junos OS NTP Server Amplification Denial of Service Vulnerability

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.105920

Kategorie: JunOS Local Security Checks

Titel: Juniper Networks Junos OS NTP Server Amplification Denial of Service Vulnerability

Zusammenfassung: DoS in NTP server

Beschreibung: Summary:
DoS in NTP server

Vulnerability Insight:
When an NTP client or server is enabled within the [edit system
ntp] hierarchy level of the Junos configuration, REQ_MON_GETLIST and REQ_MON_GETLIST_1 control messages
supported by the monlist feature within NTP may allow remote attackers to cause a denial of service. NTP
is not enabled in Junos by default.

Vulnerability Impact:
If NTP is enabled an attacker can exploit the control messages to use
it as part of a DoS attack against a remote victim or as the target of an attack against the device itself.

Affected Software/OS:
Junos OS 11.4, 12.1, 12.2, 12.3, 13.1, 13.2, 13.3

Solution:
New builds of Junos OS software are available from Juniper.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2013-5211
BugTraq ID: 64692
http://www.securityfocus.com/bid/64692
Cert/CC Advisory: TA14-013A
http://www.us-cert.gov/ncas/alerts/TA14-013A
CERT/CC vulnerability note: VU#348126
http://www.kb.cert.org/vuls/id/348126
HPdes Security Advisory: HPSBOV03505
http://marc.info/?l=bugtraq&m=144182594518755&w=2
HPdes Security Advisory: HPSBUX02960
http://marc.info/?l=bugtraq&m=138971294629419&w=2
HPdes Security Advisory: SSRT101419
http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04
http://openwall.com/lists/oss-security/2013/12/30/6
http://openwall.com/lists/oss-security/2013/12/30/7
http://lists.ntp.org/pipermail/pool/2011-December/005616.html
http://www.securitytracker.com/id/1030433
http://secunia.com/advisories/59288
http://secunia.com/advisories/59726
SuSE Security Announcement: openSUSE-SU-2014:1149 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html

Copyright Copyright (C) 2014 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.105920
Kategorie:	JunOS Local Security Checks
Titel:	Juniper Networks Junos OS NTP Server Amplification Denial of Service Vulnerability
Zusammenfassung:	DoS in NTP server
Beschreibung:	Summary: DoS in NTP server Vulnerability Insight: When an NTP client or server is enabled within the [edit system ntp] hierarchy level of the Junos configuration, REQ_MON_GETLIST and REQ_MON_GETLIST_1 control messages supported by the monlist feature within NTP may allow remote attackers to cause a denial of service. NTP is not enabled in Junos by default. Vulnerability Impact: If NTP is enabled an attacker can exploit the control messages to use it as part of a DoS attack against a remote victim or as the target of an attack against the device itself. Affected Software/OS: Junos OS 11.4, 12.1, 12.2, 12.3, 13.1, 13.2, 13.3 Solution: New builds of Junos OS software are available from Juniper. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-5211 BugTraq ID: 64692 http://www.securityfocus.com/bid/64692 Cert/CC Advisory: TA14-013A http://www.us-cert.gov/ncas/alerts/TA14-013A CERT/CC vulnerability note: VU#348126 http://www.kb.cert.org/vuls/id/348126 HPdes Security Advisory: HPSBOV03505 http://marc.info/?l=bugtraq&m=144182594518755&w=2 HPdes Security Advisory: HPSBUX02960 http://marc.info/?l=bugtraq&m=138971294629419&w=2 HPdes Security Advisory: SSRT101419 http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04 http://openwall.com/lists/oss-security/2013/12/30/6 http://openwall.com/lists/oss-security/2013/12/30/7 http://lists.ntp.org/pipermail/pool/2011-December/005616.html http://www.securitytracker.com/id/1030433 http://secunia.com/advisories/59288 http://secunia.com/advisories/59726 SuSE Security Announcement: openSUSE-SU-2014:1149 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html
Copyright	Copyright (C) 2014 Greenbone AG