MiracleLinux 7 : ntp-4.2.6p5-22.0.1.el7.AXS7 (AXSA:2015-852:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-852:03 advisory. The Network Time Protocol NTP is used to synchronize a computer's time with another reference time source. This package includes ntpd a daemon which...

MiracleLinux 7 : ntp-4.2.6p5-25.0.1.el7.AXS7 (AXSA:2016-1181:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-1181:02 advisory. The Network Time Protocol NTP is used to synchronize a computer's time with another reference time source. This package includes ntpd a daemon which...

EUVD-2015-5158

Malware in sbrugna...

EUVD-2015-7746

Malware in sbrugna...

EUVD-2005-2497

Malware in sbrugna...

EUVD-2004-0656

Malware in sbrugna...

ROS-20250212-13

Vulnerability in the ntpd daemon implementation of the NTP time synchronization protocol is related to insufficient validation of user input during NTP packet processing. user input during NTP packet processing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a...

Fedora: Security Advisory for ntp-refclock (FEDORA-2023-c0762a0e57)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[slackware-security] ntp

New ntp packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/ntp-4.2.8p16-i586-1slack15.0.txz: Upgraded. This update fixes bugs and security issues. For more information, see:...

SUSE CVE-2009-1252

Stack-based buffer overflow in the cryptorecv function in ntpcrypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field...

SUSE CVE-2015-1798

The symmetric-key feature in the receive function in ntpproto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC...

SUSE CVE-2015-5146

ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service service crash via a NULL byte in a crafted configuration...

SUSE CVE-2015-7848

An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to ...

SUSE CVE-2015-7871

Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication...

SUSE CVE-2021-22212

ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and the placement of the ''. This results in the administrator not bein...

Security Bulletin: Multiple Vulnerabilities in Network Time Protocol (NTP) Affect Power Hardware Management Console (CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296)

Summary There are multiple vulnerabilities in Network Time Protocol NTP Project NTP daemon ntpd that is used by Power Hardware Management Console Vulnerability Details CVE-ID: CVE-2014-9293 DESCRIPTION: Network Time Protocol NTP Project NTP daemon ntpd could provide weaker than expected security,...

CVE-2021-0227 Junos OS: SRX Series: Denial of Service in J-Web upon receipt of crafted HTTP packets

An improper restriction of operations within the bounds of a memory buffer vulnerability in Juniper Networks Junos OS J-Web on SRX Series devices allows an attacker to cause Denial of Service DoS by sending certain crafted HTTP packets. Continued receipt and processing of these packets will creat...

CVE-2020-15025

ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service memory consumption by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file...

CVE-2004-0657

Integer overflow in the NTP daemon NTPd before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time...

USN-4229-1: NTP vulnerability

It was discovered that ntpq and ntpdc incorrectly handled some arguments. An attacker could possibly use this issue to cause ntpq or ntpdc to crash, execute arbitrary code, or escalate to higher privileges...