Lucene search

3891 matches found

Tenable Nessus
added 2015/05/21 12:0 a.m. | 71 views

Network Time Protocol Daemon (ntpd) 3.x / 4.x < 4.2.8p2 Multiple Vulnerabilities

The version of the remote NTP server is 3.x or 4.x prior to 4.2.8p2. It is, therefore, affected by the following vulnerabilities: - The symmetric-key feature in the receive function requires a correct message authentication code (MAC) only if the MAC field has a nonzero length. A man-in-the-middle...

CVSS 7.5 | AI score 6.5 | EPSS 0.16556
Exploits: 2 | References: 7

Tenable Nessus
added 2015/05/20 12:0 a.m. | 32 views

SUSE SLED12 / SLES12 Security Update : postgresql93 (SUSE-SU-2015:0478-1)

postgresql93 was updated to version 9.3.6 to fix four security issues. These security issues were fixed: - CVE-2015-0241: Fix buffer overruns in to_char() (bnc#916953). - CVE-2015-0243: Fix buffer overruns in contrib/pgcrypto (bnc#916953). - CVE-2015-0244: Fix possible loss of frontend/backend protocol...

CVSS 9.8 | AI score 6.8 | EPSS 0.06398
Exploits: 0 | References: 11

Veeam
added 2015/05/06 12:0 a.m. | 10 views

Possible Issues With Cloud Storages After Restore

Challenge: After restoring a machine that was using cloud synchronization software (OneDrive, Dropbox, Google Drive, etc.), issues are possible when that software attempts synchronization with its service. Those cloud sync solutions may see the restored files as updated changes that need to be...

AI score 6.5
Exploits: 0 | Affected Software: 1

Fedora
added 2015/04/28 1:1 p.m. | 45 views

[SECURITY] Fedora 21 Update: ntp-4.2.6p5-30.fc21

The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. This package includes ntpd (a daemon which continuously adjusts system time) and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl...

CVSS 7.5 | AI score 1.3 | EPSS 0.57272
Exploits: 3

OSV
added 2015/04/23 9:14 p.m. | 8 views

MGASA-2015-0163 Updated chrony packages fix security vulnerabilities

Updated chrony package fixes security vulnerabilities: Using particular address/subnet pairs when configuring access control would cause an invalid memory write. This could allow attackers to cause a denial of service (crash) or execute arbitrary code (CVE-2015-1821). When allocating memory to save...

CVSS 6.5 | AI score 6.9 | EPSS 0.02605
Exploits: 0 | References: 4

Fedora
added 2015/04/22 10:56 p.m. | 41 views

[SECURITY] Fedora 22 Update: ntp-4.2.6p5-30.fc22

The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. This package includes ntpd (a daemon which continuously adjusts system time) and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl...

CVSS 4.3 | AI score 1.3 | EPSS 0.00729
Exploits: 0

RedHat Linux
added 2015/04/20 9:46 a.m. | 0 views

postgresql: loss of frontend/backend protocol synchronization after an error

A flaw was found in the way PostgreSQL handled certain errors that were generated during protocol synchronization. An authenticated database user could use this flaw to inject queries into an existing connection...

CVSS 9.8 | AI score 7.1 | EPSS 0.0108
Exploits: 0 | References: 5

Mageia
added 2015/04/15 9:1 a.m. | 41 views

Updated ntp packages fix security vulnerabilities

Updated ntp packages fix security vulnerabilities: The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting th...

CVSS 4.3 | AI score 6.2 | EPSS 0.00729
Exploits: 0 | References: 2

Amazon
added 2015/04/15 12:0 a.m. | 44 views

Medium: postgresql8

Issue Overview: An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by observing the constraint violation error messages...

CVSS 9.8 | AI score 8.1 | EPSS 0.06398
Exploits: 0 | References: 1

OpenVAS
added 2015/04/12 12:0 a.m. | 28 views

Debian Security Advisory DSA 3222-1 (chrony - security update)

Miroslav Lichvar of Red Hat discovered multiple vulnerabilities in chrony, an alternative NTP client and server: CVE-2015-1821: Using particular address/subnet pairs when configuring access control would cause an invalid memory write. This could allow attackers to cause a denial of service (crash) o...

CVSS 6.5 | AI score 0.5 | EPSS 0.02605
Exploits: 0 | References: 1

ThreatPost
added 2015/04/08 11:37 a.m. | 42 views

NTP Symmetric Key Authentication Security Vulnerabilities Patched

NTP, the much maligned protocol abused in a number of high volume DDoS attacks a year ago, is suffering from newly patched vulnerabilities that could allow an attacker to send unauthenticated packets to a client that would be executed. The Department of Homeland Security and CERT at the Software...

CVSS 1.8 | AI score 0.6 | EPSS 0.00633
Exploits: 0 | References: 5

NVD
added 2015/04/08 10:59 a.m. | 23 views

CVE-2015-1799

The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the...

CVSS 4.3 | AI score 7.2 | EPSS 0.00729
Exploits: 0 | References: 24

Prion
added 2015/04/08 10:59 a.m. | 22 views

Design/Logic Flaw

The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the...

CVSS 4.3 | AI score 6.7 | EPSS 0.00729
Exploits: 0 | References: 24 | Affected Software: 1

Cvelist
added 2015/04/08 10:0 a.m. | 28 views

CVE-2015-1799

The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the...

AI score 5.6 | EPSS 0.00729
Exploits: 0 | References: 24

Debian CVE
added 2015/04/08 10:0 a.m. | 32 views

CVE-2015-1799

The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the...

CVSS 4.3 | AI score 5.9 | EPSS 0.00729
Exploits: 0

myhack58
added 2015/04/08 12:0 a.m. | 16 views

BitTorrent Sync (peer-to-peer file synchronization system) has a high-risk command injection vulnerability - vulnerability warning - the black bar safety net

According to an announcement last week from HP's Zero Day Initiative (ZDI), BitTorrent Sync has a high-risk vulnerability that lets an attacker remotely execute arbitrary code. The black bar safety net explains: BitTorrent Sync is launched by the BitTorrent network technology company in multiple computers f...

AI score 1.9
Exploits: 0

Tenable Nessus
added 2015/03/31 12:0 a.m. | 43 views

RHEL 6 / 7 : postgresql (RHSA-2015:0750)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0750 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). An information leak flaw was found in the way the PostgreSQ...

CVSS 9.8 | AI score 7.5 | EPSS 0.06398
Exploits: 0 | References: 11

RedHat Linux
added 2015/03/30 11:30 a.m. | 2 views

postgresql: loss of frontend/backend protocol synchronization after an error

A flaw was found in the way PostgreSQL handled certain errors that were generated during protocol synchronization. An authenticated database user could use this flaw to inject queries into an existing connection...

CVSS 9.8 | AI score 7.1 | EPSS 0.0108
Exploits: 0 | References: 5

OpenVAS
added 2015/03/25 12:0 a.m. | 12 views

IT-Grundschutz M4.227: Use of a local NTP server for time synchronization

IT-Grundschutz M4.227: Use of a local NTP server for time synchronization. Status: 14th supplementary delivery (14. EL). OpenVAS Vulnerability Test $Id: GSHBM4227.nasl 7883 2017-11-23 11:22:59Z emoss $ IT-Grundschutz, 14. EL, measure 4.227 Authors: Thomas Rotter Copyright: Copyright (c) 2015...

AI score 7.3
Exploits: 0 | References: 1

Fedora
added 2015/03/19 6:44 p.m. | 27 views

[SECURITY] Fedora 21 Update: csync2-1.34-15.fc21

Csync2 is a cluster synchronization tool. It can be used to keep files on multiple hosts in a cluster in sync. Csync2 can handle complex setups with much more than just 2 hosts, handle file deletions and can detect conflicts. It is expedient for HA-clusters, HPC-clusters, COWs and server farms...

CVSS 5.8 | AI score 1.2 | EPSS 0.02282
Exploits: 0