CVE IDs: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296
Looking for QIDs for the above CVEs. Can anyone help me with this?
195711 Ubuntu Security Notification for Ntp Vulnerabilities (USN-2449-1)
123044 Red Hat Update for ntp (RHSA-2014-2025)
123045 Red Hat Update for ntp (RHSA-2014-2024)
123064 CentOS Security Update for ntp Security (CESA-2014:2024)
123065 CentOS Security Update for ntp Security (CESA-2014:2025)
123066 Fedora Security Update for ntp (FEDORA-2014-17361)
123067 Debian Security Update for ntp (DSA 3108-1)
156987 Oracle Enterprise Linux Security Update for ntp (ELSA-2014-2024, ELSA2014-2025)
123068 Apple Mac OS X NTP Security Update Not Installed (HT6601)
167339 OpenSuSE Security Update for ntp (openSUSE-SU-2014:1680-1)
167335 OpenSuSE Security Update for ntp (openSUSE-SU-2014:1670-1)
I don't think the QIDs have been created yet for these 4 CVEs. I was just looking for them using the Search List test and they aren't showing up yet.
In the meantime:
Search for application > NTP
Select asset group
Export to CSV
This gives you a list of all assets running NTP with the version. Depending on your environment, anything under 4.2.8 (or 4.2.6p5-19 for CentOS 7, 4.2.6p5-2 for CentOS 6, etc.) is vulnerable.
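An added example, not part of the thread: one way to triage the exported CSV against the version thresholds quoted in the post above. The column names (IP, OS, Application) and the sample rows are assumptions constructed for illustration, not the actual Qualys export format.

```python
import csv
import io
import re

# Thresholds quoted in the post above: anything below these is treated as vulnerable.
UPSTREAM_FIXED = "4.2.8"
CENTOS_FIXED = {7: "4.2.6p5-19", 6: "4.2.6p5-2"}

# major.minor.point, optional pN patch level, optional -N package release
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?(?:-(\d+))?")

def parse_version(text):
    """Return a comparable tuple, or None when the string carries no version."""
    m = _VERSION.search(text)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def threshold_for(os_name):
    """Pick the packaged-fix threshold for CentOS 6/7, the upstream one otherwise."""
    m = re.search(r"centos\D*(\d+)", os_name.lower())
    fixed = CENTOS_FIXED.get(int(m.group(1))) if m else None
    return parse_version(fixed or UPSTREAM_FIXED)

def triage(csv_text):
    """Return (ip, status) per row; status is 'vulnerable', 'ok' or 'unknown'."""
    results = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        version = parse_version(row["Application"])
        if version is None:
            status = "unknown"  # export carried no version string: check by hand
        elif version < threshold_for(row["OS"]):
            status = "vulnerable"
        else:
            status = "ok"
        results.append((row["IP"], status))
    return results

# Constructed sample export; hosts, OS labels and column names are assumptions.
SAMPLE = """IP,OS,Application
10.0.0.5,CentOS 7,ntp-4.2.6p5-18.el7.centos
10.0.0.6,CentOS 7,ntp-4.2.6p5-19.el7.centos
10.0.0.7,CentOS 6,ntp-4.2.6p5-1.el6.centos
10.0.0.8,FreeBSD 10,ntpd 4.2.4p8
10.0.0.9,Linux,ntpd 4.2.8
10.0.0.10,Linux,NTP
"""

if __name__ == "__main__":
    for ip, status in triage(SAMPLE):
        print(f"{ip}\t{status}")
```

Rows reported as "unknown" are the case raised later in the thread, where the export lists NTP without a version, and need a manual check.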
Thank you Kolby Dauler.
I have tried the asset group option. But I didn't get the result required. The CSV file doesn't have the vulnerability information/NTP version in it.
Interesting. Does it list NTP in the Application column of the export?
Make sure you run a VM scan first. QID 45141 is the source for my findings. When that's done, you can skip the Asset group option and just enter "NTP" into the 'Search for Application' box.
The QID 45141 will give the list of RPMs installed on the servers. And it's informational. But I am looking for a QID to find out the NTP vulnerabilities on the servers.
I am checking with Qualys as well as other vendors. No update.
I've found that using the services/ports tab instead of the applications tab produces better results. I have had to filter the list by port number, 123, instead of service, NTP, though, or it won't produce results. Looks like this functionality needs a little work by Qualys but the list filtered by port was useful as a starting point for exploring this vulnerability.
I started on the ports/services tab but I couldn't enumerate the version of NTP without the Application tab. Is there a preference I need to adjust for the ports/service tab to include version information? That would be great to know for future vulns.
I didn't look for the version, but you are correct, that would be good to know for future vulnerabilities. Otherwise we have to wait for QIDs to come out for CVEs before we can get a good picture of our exposure. In this case, I just used the information of the devices that were exposing NTP and explored why these were open and had them shut down, but this method won't work for many of the vulnerabilities we see.
Including version number will be very helpful. Is Qualys planning to add this feature into QG?
There are currently 9 QIDs just for CVE-2014-9293. If you do a search for the CVE in the KnowledgeBase, it will tell you the current QIDs. Alternatively, you can create a dynamic search list.
I have found QIDs for all 4 CVEs related to the NTP vulnerability using Dynamic Search List.
Question for everyone: for this particular vulnerability I have to create 4 Dynamic Search Lists, one for each CVE, then create an Option Profile that uses all 4 Search Lists as a filter. Is there any way to list all 4 CVEs in one Search List? In the past the major vulnerabilities have had a name that you can use to create the Search List, such as Poodle, but for this particular vulnerability I have had to create the 4 search lists using the CVEs.
The QIDs are now available
Thank you so much for the QID information.