29 matches found
Rockwell Automation Stratix NTP Authentication bypass (CVE-2015-1798)
A vulnerability in the message authentication code MAC validation routine of ntpd could allow an unauthenticated, remote attacker to bypass the NTP authentication feature. The vulnerability is due to incorrect validation of the MAC field. An attacker could exploit this vulnerability by sending...
Debian: Security Advisory (DLA-192-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2016:2094-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Multiple vulnerabilities in Network Time Protocol (NTP) affect PowerKVM
Summary PowerKVM is affected by several vulnerabilities in Network Time Protocol NTP. These vulnerabilities are now fixed. Vulnerability Details CVEID: CVE-2014-9297 DESCRIPTION: Network Time Protocol NTP Project NTP daemon ntpd could allow a remote attacker to conduct spoofing attacks, caused by...
Security Bulletin: IBM Security Access Manager for Web is affected by multiple NTP vulnerabilities
Summary The Network Time Protocol NTP is used to synchronize a computer's time with another referenced time source. IBM Security Access Manager for Web uses NTP and is affected by multiple NTP vulnerabilities. Vulnerability Details CVEID: CVE-2014-9297 DESCRIPTION: Network Time Protocol NTP Proje...
Security Bulletin: Vulnerabilities in NTP affect IBM Security Network Protection (CVE-2015-1798, CVE-2015-1799, and CVE-2015-3405)
Summary Security vulnerabilities have been discovered in NTP used with IBM Security Network Protection. Vulnerability Details CVEID: CVE-2015-1798 DESCRIPTION: Network Time Protocol NTP Project NTP daemon ntpd could allow a remote attacker to bypass security restrictions, caused by the acceptance...
Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products (cisco-sa-20150408-ntpd)
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to bypass authentication controls or to create a denial of service DoS condition. On April 7, 2015, NTP.org...
CentOS 7 : ntp (CESA-2015:2231)
Updated ntp packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...
Oracle: Security Advisory (ELSA-2015-2231)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 7 : ntp (RHSA-2015:2231)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:2231 advisory. The Network Time Protocol NTP is used to synchronize a computer's time with another referenced time source. These packages include the ntpd...
RedHat Update for ntp RHSA-2015:2231-04
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux: Security Advisory (ALAS-2015-520)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS 6 : ntp (CESA-2015:1459)
Updated ntp packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...
RHEL 6 : ntp (RHSA-2015:1459)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1459 advisory. The Network Time Protocol NTP is used to synchronize a computer's time with another referenced time source. It was found that because NTP's...
Fedora Update for ntp FEDORA-2015-5761
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux AMI : ntp (ALAS-2015-520)
The symmetric-key feature in the receive function in ntpproto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. CVE-2015-1798 The symmetric-key feature ...
Fedora 21 : ntp-4.2.6p5-30.fc21 (2015-5830)
Security fix for CVE-2015-1799, CVE-2015-1798, 1210324 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora Update for ntp FEDORA-2015-5830
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : ntp (openSUSE-2015-330)
NTP was updated to fix two security vulnerabilities : - ntpd could accept unauthenticated packets with symmetric key crypto. CVE-2015-1798 - ntpd authentication did not protect symmetric associations against DoS attacks CVE-2015-1799 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
F5 Networks BIG-IP : NTP vulnerability (K16505)
The symmetric-key feature in the receive function in ntpproto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. CVE-2015-1798 C Tenable Network Security...