CPE / ntpd

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

CPE / ntpd

luerssen-2
I'm evaluating CPE for one of my customers, but now I've
discovered some inconsistencies:

cpe:/a:dave_mills:ntpd:4.0.99 is referenced in

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-414

But I can't find any 'ntp' information in:

* official-cpe-dictionary_v2.1.xml
* official-cpe-dictionary_v2.2.xml
* http://web.nvd.nist.gov/view/cpe/search

The nvd_to_cpe_mapping.csv doesn't help.

Please help,
Andre
Reply | Threaded
Open this post in threaded view
|

Re: CPE / ntpd

McCormick, Christopher [USA]
Hello,

The NVD hosts the Official CPE Dictionary and also analyzes CVE data from MITRE which produces a CPE or CPEs as added value.  The hosting / maintenance of the CPE Dictionary and NVD analysis are distinct and separate workflows with different resources allocated.  In late December 2009 NIST took on the responsibility of accepting name contributions and processing them to the CPE Dictionary.  Please refer to the information located at both http://cpe.mitre.org/dictionary/index.html and http://nvd.nist.gov/cpe.cfm for a better understanding of the submission process.  In the event you would like to designate a CPEs noted in a CVE as Official, please submit the proposed CPE Dictionary submissions to NIST at [hidden email] for consideration.

Regards,

Chris McCormick
National Vulnerability Database
nvd.nist.gov


-----Original Message-----
From: luerssen [mailto:[hidden email]]
Sent: Wednesday, February 24, 2010 2:13 PM
To: [hidden email]
Subject: [CPE-DISCUSSION-LIST] CPE / ntpd

I'm evaluating CPE for one of my customers, but now I've discovered some inconsistencies:

cpe:/a:dave_mills:ntpd:4.0.99 is referenced in

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-414

But I can't find any 'ntp' information in:

* official-cpe-dictionary_v2.1.xml
* official-cpe-dictionary_v2.2.xml
* http://web.nvd.nist.gov/view/cpe/search

The nvd_to_cpe_mapping.csv doesn't help.

Please help,
Andre