35 matches found
Linux Distros Unpatched Vulnerability : CVE-2015-7691
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The cryptoxmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service crash via crafted...
Rockwell Automation Stratix Denial of Service AutoKey Malicious Message (CVE-2015-7691)
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service DoS condition or modify the time being advertised by a device acting as a...
K17530: NTP vulnerabilities CVE-2015-7691, CVE-2015-7692, and CVE-2015-7702
Security Advisory Description CVE-2015-7691 The cryptoxmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service crash via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an...
SUSE: Security Advisory (SUSE-SU-2015:2058-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2016:2094-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Network Time Protocol Daemon (ntpd) 3.x / 4.x < 4.2.8p5 Denial Of Service Vulnerability
The version of the remote NTP server is 3.x or 4.x prior to 4.2.8p5. It is, therefore, affected by the following vulnerability : - he panicgate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows...
Security Bulletin: IBM Security Access Manager for Mobile is affected by vulnerabilities in NTP
Summary The Network Time Protocol NTP is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. IBM Security Access Manager for Mobile is...
Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Privileged Identity Manager
Summary There were multiple security vulnerabilities fixed in the IBM Security Privileged Identity Manager Product Vulnerability Details CVEID: CVE-2016-2996 DESCRIPTION: IBM Security Privileged Identity Manager Virtual Appliance could allow an authenticated user to append lines to any file on th...
AIX NTP v3 Advisory : ntp_advisory4.asc (IV79942) (IV79943) (IV79944) (IV79945) (IV79946)
The remote AIX host has a version of Network Time Protocol NTP installed that is affected by the following vulnerabilities : - A divide-by-zero error exists in file include/ntp.h when handling LOGTOD and ULOGTOD macros in a crafted NTP packet. An unauthenticated, remote attacker can exploit this,...
AIX NTP v4 Advisory : ntp_advisory4.asc (IV79954) (IV79954)
The remote AIX host has a version of Network Time Protocol NTP installed that is affected by the following vulnerabilities : - A divide-by-zero error exists in file include/ntp.h when handling LOGTOD and ULOGTOD macros in a crafted NTP packet. An unauthenticated, remote attacker can exploit this,...
CVE-2015-7691
CVE-2015-7691 affects ntpd’s crypto_xmit handling in NTP 4.2.x (before 4.2.8p4) and 4.3.x (before 4.3.77). The flaw arises from incomplete validation of autokey operations in crafted packets, allowing a remote attacker to crash ntpd (denial of service). This is tied to an incomplete fix of CVE-20...
Scientific Linux Security Update : ntp on SL7.x x86_64 (20161103)
Security Fixes : - It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntpcrypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker coul...
ntp security and bug fix update
4.2.6p5-25.0.1 - add disable monitor to default ntp.conf CVE-2013-5211 4.2.6p5-25 - don't allow spoofed packet to enable symmetric interleaved mode CVE-2016-1548 - check mode of new source in config command CVE-2016-2518 - make MAC check resilient against timing attack CVE-2016-1550 4.2.6p5-24 -...
RedHat Update for ntp RHSA-2016:2583-02
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Scientific Linux Security Update : ntp on SL6.x i386/x86_64 (20160510)
Security Fixes : - It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntpcrypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker coul...
SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1311-1)
This network time protocol server ntp was updated to 4.2.8p6 to fix the following issues : Also yast2-ntp-client was updated to match some sntp syntax changes. bsc937837 Major functional changes : - The 'sntp' commandline tool changed its option handling in a major way. - 'controlkey 1' is added...
CentOS 6 : ntp (CESA-2016:0780)
An update for ntp is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
ntp, ntpdate security update
CentOS Errata and Security Advisory CESA-2016:0780 An update for ntp is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Oracle Linux 6 : ntp (ELSA-2016-0780)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-0780 advisory. - don't accept server/peer packets with zero origin timestamp CVE-2015-8138 - fix crash with reslist command CVE-2015-7977, CVE-2015-7978 - fix crash...
RHEL 6 : ntp (RHSA-2016:0780)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0780 advisory. The Network Time Protocol NTP is used to synchronize a computer's time with another referenced time source. These packages include the ntpd...