You can use the Security Finder to search for security issues and their impact on Riverbed products. This page is continuously updated, displaying the most current public security issues first. The search box can be used to look up records by specific CVE numbers or relevant search word, e.g. Apache, 8.5.0, Workaround. For additional search tips, refer to article S16165. Security issues listed here are categorized into three groups: fixed, workaround recommended and not applicable.
For general security topics, security best practices and other security related topics, try performing a general search.
BETA FEATURE: This feature is currently under development and is considered Beta Software. We are still enhancing the features and results so please exercise caution when interpreting and implementing the results. If you have any questions, please open a case with Riverbed Support. If you have feedback for this tool, please send it to supportfeedback@riverbed.com.
Riverbed Technology is committed to protecting customers against vulnerabilities in our supported products. Vulnerabilities are addressed in accordance with the software support policy.
https://support.riverbed.com/content/support/about_support/end_of_life_policy.html
For search tips, read article S16165.
DETAILS: NTP before 4.2.8p10 has security vulnerabilities described at http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu.

Sec 3389 / CVE-2017-6464 / VU#325339: NTP-01-016 NTP: Denial of Service via Malformed Config (Pentest report 01.2017) Reported by Cure53.
Sec 3388 / CVE-2017-6462 / VU#325339: NTP-01-014 NTP: Buffer Overflow in DPTS Clock (Pentest report 01.2017) Reported by Cure53.
Sec 3387 / CVE-2017-6463 / VU#325339: NTP-01-012 NTP: Authenticated DoS via Malicious Config Option (Pentest report 01.2017) Reported by Cure53.
Sec 3386: NTP-01-011 NTP: ntpq_stripquotes() returns incorrect Value (Pentest report 01.2017) Reported by Cure53.
Sec 3385: NTP-01-010 NTP: ereallocarray()/eallocarray() underused (Pentest report 01.2017) Reported by Cure53.
Sec 3384 / CVE-2017-6455 / VU#325339: NTP-01-009 NTP: Windows: Privileged execution of User Library code (Pentest report 01.2017) Reported by Cure53.
Sec 3383 / CVE-2017-6452 / VU#325339: NTP-01-008 NTP: Windows Installer: Stack Buffer Overflow from Command Line (Pentest report 01.2017) Reported by Cure53.
Sec 3382 / CVE-2017-6459 / VU#325339: NTP-01-007 NTP: Windows Installer: Data Structure terminated insufficiently (Pentest report 01.2017) Reported by Cure53.
Sec 3381: NTP-01-006 NTP: Copious amounts of Unused Code (Pentest report 01.2017) Reported by Cure53.
Sec 3380: NTP-01-005 NTP: Off-by-one in Oncore GPS Receiver (Pentest report 01.2017) Reported by Cure53.
Sec 3379 / CVE-2017-6458 / VU#325339: NTP-01-004 NTP: Potential Overflows in ctl_put() functions (Pentest report 01.2017) Reported by Cure53.
Sec 3378 / CVE-2017-6451 / VU#325339: NTP-01-003 Improper use of snprintf() in mx4200_send() (Pentest report 01.2017) Reported by Cure53.
Sec 3377 / CVE-2017-6460 / VU#325339: NTP-01-002 Buffer Overflow in ntpq when fetching reslist (Pentest report 01.2017) Reported by Cure53.
Sec 3376: NTP-01-001 Makefile does not enforce Security Flags (Pentest report 01.2017) Reported by Cure53.
Sec 3361 / CVE-2016-9042 / VU#325339: 0rigin Reported by Matthew Van Gundy of Cisco ASIG.

FIX: Upgraded NTP to 4.2.8p10.

RECOMMENDATION: Upgrade to a software version with the fix.