VulnCheck KEV: CVE-2019-6443

An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctlgetitem, there is a stack-based buffer over-read in readsysvars in ntpcontrol.c in ntpd...

SUSE CVE-2018-7182

The ctlgetitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service out-of-bounds read via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10...

EUVD-2016-3597

ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service ntpd abort by a large request data value, which triggers the ctlgetitem function to return a NULL value...

NTPsec 1.1.2 - ctl_getitem Out-of-Bounds Read Exploit

!/usr/bin/env python Exploit Title: ntpsec 1.1.2 OOB read Proof of concept Bug Discovery: Magnus Klaaborg Stubman @magnusstubman Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website: https://dumpco.re/bugs/ntpsec-oobread1 Vendor Homepage: https://ntpsec.org/ Software Link:...

DEBIAN-CVE-2019-6445

An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can cause a NULL pointer dereference and ntpd crash in ntpcontrol.c, related to ctlgetitem...

UBUNTU-CVE-2019-6443

An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctlgetitem, there is a stack-based buffer over-read in readsysvars in ntpcontrol.c in ntpd...

NTPsec 1.1.2 - 'ctl_getitem' Out-of-Bounds Read (PoC)

!/usr/bin/env python Exploit Title: ntpsec 1.1.2 OOB read Proof of concept Bug Discovery: Magnus Klaaborg Stubman @magnusstubman Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website: https://dumpco.re/bugs/ntpsec-oobread1 Vendor Homepage: https://ntpsec.org/ Software Link:...

NTP.org 'ntpd' 'ctl_getitem()' And 'decodearr()' Multiple Vulnerabilities (Feb 2018)

NTP.org SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ntp:ntp"; ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.812790";...

UBUNTU-CVE-2016-2519

ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service ntpd abort by a large request data value, which triggers the ctlgetitem function to return a NULL value...

SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1568-1)

ntp was updated to version 4.2.8p8 to fix 17 security issues. These security issues were fixed : - CVE-2016-4956: Broadcast interleave bsc982068. - CVE-2016-2518: Crafted addpeer with hmode 7 causes array wraparound with MATCHASSOC bsc977457. - CVE-2016-2519: ctlgetitem return value not always...

openSUSE Security Update : ntp (openSUSE-2016-599)

This update for ntp to 4.2.8p7 fixes the following issues : - CVE-2016-1547, bsc977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS. - CVE-2016-1548, bsc977461: Interleave-pivot - CVE-2016-1549, bsc977451: Sybil vulnerability: ephemeral association attack. - CVE-2016-1550, bsc977464: Improve NTP...

ntpd denial of service vulnerability

ntpd Network Time Protocol daemon is an operating system daemon that uses the Network Time Protocol NTP to keep synchronized with the system time of a time server. A security vulnerability exists in ntpd versions 4.x prior to 4.2.8p7 and 4.3 prior to 4.3.92, which stems from the program failing t...

Network Time Protocol ([x]ntpd) daemon contains buffer overflow in ntp_control:ctl_getitem() function

Overview There is a buffer overflow defect in the ctlgetitem function of the Network Time Protocol NTP daemon responsible for providing accurate time reports used for synchronizing the clocks on installed systems. All NTP daemons based on code maintained at the University of Delaware since NTPv2...