logo
DATABASE RESOURCES PRICING ABOUT US

ntp -- multiple vulnerabilities

Description

Network Time Foundation reports: The NTP Project at Network Time Foundation is releasing ntp-4.2.8p11. This release addresses five security issues in ntpd: LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability: ephemeral association attack INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated ephemeral associations LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode cannot recover from bad state LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet can reset authenticated interleaved association one security issue in ntpq: MEDIUM: Sec 3414 / CVE-2018-7183 / VU#961909: ntpq:decodearr() can write beyond its buffer limit and provides over 33 bugfixes and 32 other improvements.


Affected Package


OS OS Version Package Name Package Version
FreeBSD any freebsd 11.1
FreeBSD any freebsd 11.1_7
FreeBSD any ntp 4.2.8p11

Related