JVN Info.

Id
40616  
Name
JVNDB-2009-001622  
Title
Oracle PeopleSoft Enterprise および JD Edwards EnterpriseOne の PeopleSoft Enterprise HRMS コンポーネントにおける機密性および完全性に影響を及ぼされる脆弱性  
Summary
Oracle PeopleSoft Enterprise および JD Edwards EnterpriseOne の PeopleSoft Enterprise HRMS コンポーネントには、機密性および完全性に影響を及ぼされる脆弱性が存在します。  
Nvdinfo
CVE-2008-5452  
Cvssv2
5.5  
Jvnurl
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001622.html  
Published Date
2009-01-14  
Registered Date
2009-07-08  
Last Updated Date
2009-07-08  

Actions

Related Nessuslogs

Id Log ID Jvninfo Id Plugin ID CVE CVSS Risk Host Protocol Port Name Synopsis Description Solution See Also Plugin Output Actions
9856 H28-MOJ-Online-Nara-16-seg-2-20161126-soga_e6g03u.csv 40616 71783 CVE-2013-5211 5 Medium 172.27.137.62 udp 123 NTP monlist Command Enabled The remote network time service could be used for network reconnaissance or abused in a distributed denial of service attack. The version of ntpd on the remote host has the "monlist" command enabled. This command returns a list of recent hosts that have connected to the service. As such, it can be used for network reconnaissance or, along with a spoofed source IP, a distributed denial of service attack. If using NTP from the Network Time Protocol Project, either upgrade to NTP 4.2.7-p26 or later, or add "disable monitor" to the "ntp.conf" configuration file and restart the service. Otherwise, contact the vendor. Otherwise, limit access to the affected service to trusted hosts. https://isc.sans.edu/diary/NTP+reflection+attack/17300 http://bugs.ntp.org/show_bug.cgi?id=1532 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10613 Nessus was able to retrieve the following list of recent hosts to connect to this NTP server : 172.27.137.3 172.27.139.34 172.27.137.26 172.27.141.195 172.27.139.235 172.27.137.63
51173 H28_MUN_DWEB_Q4_172_16_240_seg.csv 40616 87674 CVE-2013-5211 5 Medium 172.16.240.115 tcp 443 VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2014-0002) The remote VMware ESX / ESXi host is missing a security-related patch. The remote VMware ESX / ESXi host is affected by multiple vulnerabilities : - Multiple integer overflow conditions exist in the glibc package in file malloc/malloc.c. An unauthenticated, remote attacker can exploit these to cause heap memory corruption by passing large values to the pvalloc(), valloc(), posix_memalign(), memalign(), or aligned_alloc() functions, resulting in a denial of service. (CVE-2013-4332) - A distributed denial of service (DDoS) vulnerability exists in the NTP daemon due to improper handling of the "monlist" command. A remote attacker can exploit this, via a forged request to an affected NTP server, to cause an amplified response to the intended target of the DDoS attack. (CVE-2013-5211) Apply the appropriate patch according to the vendor advisory that pertains to ESX version 4.0 / 4.1 and ESXi version 4.0 / 4.1 / 5.0 / 5.1 / 5.5. https://www.vmware.com/security/advisories/VMSA-2014-0002 http://lists.vmware.com/pipermail/security-announce/2014/000281.html Version : ESX 4.0 Installed build : 208167 Fixed build : 1682696
51963 H28_MUN_DWEB_Q4_172_16_240_seg.csv 40616 71783 CVE-2013-5211 5 Medium 172.16.240.131 udp 123 Network Time Protocol Daemon (ntpd) monlist Command Enabled DoS The remote NTP server is affected by a denial of service vulnerability. The version of ntpd running on the remote host has the "monlist" command enabled. This command returns a list of recent hosts that have connected to the service. However, it is affected by a denial of service vulnerability in ntp_request.c that allows an unauthenticated, remote attacker to saturate network traffic to a specific IP address by using forged REQ_MON_GETLIST or REQ_MON_GETLIST_1 requests. Furthermore, an attacker can exploit this issue to conduct reconnaissance or distributed denial of service (DDoS) attacks. If using NTP from the Network Time Protocol Project, upgrade to NTP version 4.2.7-p26 or later. Alternatively, add "disable monitor" to the ntp.conf configuration file and restart the service. Otherwise, limit access to the affected service to trusted hosts, or contact the vendor for a fix. https://isc.sans.edu/diary/NTP+reflection+attack/17300 http://bugs.ntp.org/show_bug.cgi?id=1532 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10613 Nessus was able to retrieve the following list of recent hosts to connect to this NTP server : 172.16.240.237 192.168.242.250 172.16.240.238
51968 H28_MUN_DWEB_Q4_172_16_240_seg.csv 40616 87674 CVE-2013-5211 5 Medium 172.16.240.131 tcp 443 VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2014-0002) The remote VMware ESX / ESXi host is missing a security-related patch. The remote VMware ESX / ESXi host is affected by multiple vulnerabilities : - Multiple integer overflow conditions exist in the glibc package in file malloc/malloc.c. An unauthenticated, remote attacker can exploit these to cause heap memory corruption by passing large values to the pvalloc(), valloc(), posix_memalign(), memalign(), or aligned_alloc() functions, resulting in a denial of service. (CVE-2013-4332) - A distributed denial of service (DDoS) vulnerability exists in the NTP daemon due to improper handling of the "monlist" command. A remote attacker can exploit this, via a forged request to an affected NTP server, to cause an amplified response to the intended target of the DDoS attack. (CVE-2013-5211) Apply the appropriate patch according to the vendor advisory that pertains to ESX version 4.0 / 4.1 and ESXi version 4.0 / 4.1 / 5.0 / 5.1 / 5.5. https://www.vmware.com/security/advisories/VMSA-2014-0002 http://lists.vmware.com/pipermail/security-announce/2014/000281.html Version : ESXi 4.1 Installed build : 800380 Fixed build : 1682698
52964 H28_MUN_DWEB_Q4_192_168_242_Part1.csv 40616 71783 CVE-2013-5211 5 Medium 192.168.242.250 udp 123 Network Time Protocol Daemon (ntpd) monlist Command Enabled DoS The remote NTP server is affected by a denial of service vulnerability. The version of ntpd running on the remote host has the "monlist" command enabled. This command returns a list of recent hosts that have connected to the service. However, it is affected by a denial of service vulnerability in ntp_request.c that allows an unauthenticated, remote attacker to saturate network traffic to a specific IP address by using forged REQ_MON_GETLIST or REQ_MON_GETLIST_1 requests. Furthermore, an attacker can exploit this issue to conduct reconnaissance or distributed denial of service (DDoS) attacks. If using NTP from the Network Time Protocol Project, upgrade to NTP version 4.2.7-p26 or later. Alternatively, add "disable monitor" to the ntp.conf configuration file and restart the service. Otherwise, limit access to the affected service to trusted hosts, or contact the vendor for a fix. https://isc.sans.edu/diary/NTP+reflection+attack/17300 http://bugs.ntp.org/show_bug.cgi?id=1532 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10613 Nessus was able to retrieve the following list of recent hosts to connect to this NTP server : 192.168.242.237 172.16.212.222 172.16.61.2 192.168.243.110 172.16.61.5 192.168.243.242
56754 H28_DWEB_NW_Scan_Q1_172_16_240_Seg_20160518_hepxqa.csv 40616 87674 CVE-2013-5211 5 Medium 172.16.240.115 tcp 443 VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2014-0002) The remote VMware ESX / ESXi host is missing a security-related patch. The remote VMware ESX / ESXi host is affected by multiple vulnerabilities : - Multiple integer overflow conditions exist in the glibc package in file malloc/malloc.c. An unauthenticated, remote attacker can exploit these to cause heap memory corruption by passing large values to the pvalloc(), valloc(), posix_memalign(), memalign(), or aligned_alloc() functions, resulting in a denial of service. (CVE-2013-4332) - A distributed denial of service (DDoS) vulnerability exists in the NTP daemon due to improper handling of the "monlist" command. A remote attacker can exploit this, via a forged request to an affected NTP server, to cause an amplified response to the intended target of the DDoS attack. (CVE-2013-5211) Apply the appropriate patch according to the vendor advisory that pertains to ESX version 4.0 / 4.1 and ESXi version 4.0 / 4.1 / 5.0 / 5.1 / 5.5. https://www.vmware.com/security/advisories/VMSA-2014-0002 http://lists.vmware.com/pipermail/security-announce/2014/000281.html Version : ESX 4.0 Installed build : 208167 Fixed build : 1682696
57539 H28_DWEB_NW_Scan_Q1_172_16_240_Seg_20160518_hepxqa.csv 40616 71783 CVE-2013-5211 5 Medium 172.16.240.131 udp 123 NTP monlist Command Enabled The remote network time service could be used for network reconnaissance or abused in a distributed denial of service attack. The version of ntpd on the remote host has the "monlist" command enabled. This command returns a list of recent hosts that have connected to the service. As such, it can be used for network reconnaissance or, along with a spoofed source IP, a distributed denial of service attack. If using NTP from the Network Time Protocol Project, either upgrade to NTP 4.2.7-p26 or later, or add "disable monitor" to the "ntp.conf" configuration file and restart the service. Otherwise, contact the vendor. Otherwise, limit access to the affected service to trusted hosts. https://isc.sans.edu/diary/NTP+reflection+attack/17300 http://bugs.ntp.org/show_bug.cgi?id=1532 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10613 Nessus was able to retrieve the following list of recent hosts to connect to this NTP server : 172.16.240.237 192.168.242.250 172.16.240.238
57544 H28_DWEB_NW_Scan_Q1_172_16_240_Seg_20160518_hepxqa.csv 40616 87674 CVE-2013-5211 5 Medium 172.16.240.131 tcp 443 VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2014-0002) The remote VMware ESX / ESXi host is missing a security-related patch. The remote VMware ESX / ESXi host is affected by multiple vulnerabilities : - Multiple integer overflow conditions exist in the glibc package in file malloc/malloc.c. An unauthenticated, remote attacker can exploit these to cause heap memory corruption by passing large values to the pvalloc(), valloc(), posix_memalign(), memalign(), or aligned_alloc() functions, resulting in a denial of service. (CVE-2013-4332) - A distributed denial of service (DDoS) vulnerability exists in the NTP daemon due to improper handling of the "monlist" command. A remote attacker can exploit this, via a forged request to an affected NTP server, to cause an amplified response to the intended target of the DDoS attack. (CVE-2013-5211) Apply the appropriate patch according to the vendor advisory that pertains to ESX version 4.0 / 4.1 and ESXi version 4.0 / 4.1 / 5.0 / 5.1 / 5.5. https://www.vmware.com/security/advisories/VMSA-2014-0002 http://lists.vmware.com/pipermail/security-announce/2014/000281.html Version : ESXi 4.1 Installed build : 800380 Fixed build : 1682698
58867 H28_DWeb_NWScan_Q1_192_168_242_Seg.csv 40616 71783 CVE-2013-5211 5 Medium 192.168.242.250 udp 123 NTP monlist Command Enabled The remote network time service could be used for network reconnaissance or abused in a distributed denial of service attack. The version of ntpd on the remote host has the "monlist" command enabled. This command returns a list of recent hosts that have connected to the service. As such, it can be used for network reconnaissance or, along with a spoofed source IP, a distributed denial of service attack. If using NTP from the Network Time Protocol Project, either upgrade to NTP 4.2.7-p26 or later, or add "disable monitor" to the "ntp.conf" configuration file and restart the service. Otherwise, contact the vendor. Otherwise, limit access to the affected service to trusted hosts. https://isc.sans.edu/diary/NTP+reflection+attack/17300 http://bugs.ntp.org/show_bug.cgi?id=1532 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10613 Nessus was able to retrieve the following list of recent hosts to connect to this NTP server : 192.168.242.237 172.16.212.222 172.16.241.222 172.16.240.129 172.16.50.101 172.16.241.248