[SECURITY] Fedora 23 Update: ntp-4.2.6p5-34.fc23

The Network Time Protocol NTP is used to synchronize a computer's time with another reference time source. This package includes ntpd a daemon which continuously adjusts system time and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl...

CentOS Update for ntp CESA-2015:1930 centos7

Check the version of ntp SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882307";...

Important: ntp

Issue Overview: It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that would increase the client's polling interval value, and effectively disable...

Important: Red Hat Security Advisory: ntp security update

Updated ntp packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available f...

FreeBSD-SA-15:25.ntp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:25.ntp Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities of ntp REVISED Category: contrib Module: ntp Announced: 2015-10-26, revised on...

Password Safe And Repository Enterprise 7.4.4 Build 2247 Multiple Vulnerabilities

Password Safe and Repository Enterprise version 7.4.4 Build 2247 suffers from remote SQL injection, authentication bypass and insufficiently protecting credentials by using an unsalted MD5 hash for protection vulnerabilities. Products: Password Safe and Repository Enterprise Affected Versions:...

[SECURITY] Fedora 22 Update: ntp-4.2.6p5-33.fc22

The Network Time Protocol NTP is used to synchronize a computer's time with another reference time source. This package includes ntpd a daemon which continuously adjusts system time and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl...

The vulnerability of the Firefox browser, which allows a hacker to execute arbitrary code or trigger a service failure.

The vulnerability of the WorkerPrivate::NotifyFeatures function in the Firefox browser is caused by synchronization errors when using a shared resource. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure due to errors in the implementation ...

F5 Networks BIG-IP : NTP vulnerability (K16506)

The symmetric-key feature in the receive function in ntpproto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service synchronization loss by spoofing the...

[SECURITY] Fedora 23 Update: ntp-4.2.6p5-33.fc23

The Network Time Protocol NTP is used to synchronize a computer's time with another reference time source. This package includes ntpd a daemon which continuously adjusts system time and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl...

NTP 'ntpd/ntp_config.c' Denial of Service Vulnerability

Network Time Protocol is a protocol used to synchronize a computer's time to its server or clock source e.g., quartz clock, GPS, etc.. NTP crashes when processing config commands with the statistics type ntpd, which can be exploited by a remote attacker to submit a special request for a denial of...

moodle -- multiple vulnerabilities

Moodle Release Notes report: MSA-15-0030: Students can re-attempt answering questions in the lesson CVE-2015-5264 MSA-15-0031: Teacher in forum can still post to "all participants" and groups they are not members of CVE-2015-5272 - 2.7.10 only MSA-15-0032: Users can delete files uploaded by other...

Decentralized P2P Websites: ZeroNet

Decentralized P2P websites using Bitcoin crypto and the BitTorrent network ZeroNet uses Bitcoin cryptography and BitTorrent technology to build a decentralized censorship-resistant network. Users can publish static or dynamic websites into ZeroNet and visitors can choose to also serve the website...

RHEL 6 : rhevm-spice-client (RHSA-2015:0197)

Updated rhevm-spice-client packages that fix two security issues and several bugs are now available for Red Hat Enterprise Virtualization Manager 3. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...

AIX 7.1 TL 3 : ntp (IV74261)

The remote AIX host has a version of Network Time Protocol NTP installed that is affected by a denial of service vulnerability due to a flaw in the symmetric-key feature in the receive function in file ntpproto.c when receiving certain invalid packets, which causes state-variable updates to be...

Moderate: Red Hat Bug Fix Advisory: 389-ds-base bug fix update

Updated 389-ds-base packages that fix several bugs are now available for Red Hat Enterprise Linux 7. The 389 Directory Server is an LDAPv3 compliant server. The base packages include the LDAP server and command-line utilities for server administration. This update fixes the following bugs:...

Moderate: Red Hat Security Advisory: ntp security, bug fix, and enhancement update

Updated ntp packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...

ntp: authentication doesn't protect symmetric associations against DoS attacks

A denial of service flaw was found in the way NTP hosts that were peering with each other authenticated themselves before updating their internal state variables. An attacker could send packets to one peer host, which could cascade to other peers, and stop the synchronization process among the...

The vulnerability of the Cisco IOS operating system, which allows a intruder to trigger a service failure

The vulnerability of the PRE module in the Cisco IOS operating system arises due to synchronization errors when using a shared resource. Exploiting this vulnerability allows a malicious actor to cause service failure by initiating frequent connections to devices via the IPv6 protocol...

The vulnerability of the Cisco IOS operating system, which allows a intruder to trigger a service failure

The vulnerability of the PRE module in the Cisco IOS operating system arises due to synchronization errors when using a shared resource. Exploiting this vulnerability allows a malicious actor to cause service failure by sending specially crafted MPLS 6VPE packets remotely...