34 matches found
Rockwell Automation Stratix Denial of Service CRYPTO_ASSOC Memory Leak (CVE-2015-7701)
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service DoS condition or modify the time being advertised by a device acting as a...
K17517: NTP vulnerability CVE-2015-7701
Security Advisory Description Memory leak in the CRYPTOASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service memory consumption. CVE-2015-7701 Impact An attacker could send packets tontpd that may, after several days of...
SUSE: Security Advisory (SUSE-SU-2016:2094-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM Security Access Manager for Mobile is affected by vulnerabilities in NTP
Summary The Network Time Protocol NTP is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. IBM Security Access Manager for Mobile is...
Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Privileged Identity Manager
Summary There were multiple security vulnerabilities fixed in the IBM Security Privileged Identity Manager Product Vulnerability Details CVEID: CVE-2016-2996 DESCRIPTION: IBM Security Privileged Identity Manager Virtual Appliance could allow an authenticated user to append lines to any file on th...
AIX NTP v4 Advisory : ntp_advisory4.asc (IV79954) (IV79954)
The remote AIX host has a version of Network Time Protocol NTP installed that is affected by the following vulnerabilities : - A divide-by-zero error exists in file include/ntp.h when handling LOGTOD and ULOGTOD macros in a crafted NTP packet. An unauthenticated, remote attacker can exploit this,...
AIX NTP v3 Advisory : ntp_advisory4.asc (IV79942) (IV79943) (IV79944) (IV79945) (IV79946)
The remote AIX host has a version of Network Time Protocol NTP installed that is affected by the following vulnerabilities : - A divide-by-zero error exists in file include/ntp.h when handling LOGTOD and ULOGTOD macros in a crafted NTP packet. An unauthenticated, remote attacker can exploit this,...
CVE-2015-7701
CVE-2015-7701 involves a memory leak in ntpd’s CRYPTO_ASSOC when autokey is enabled. Affected: ntpd in NTP 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77. Impact: potential denial of service due to memory exhaustion. Remediation: upgrade to fixed ntp releases (e.g., 4.2.8p4+ or 4.3.77+); or disable...
CVE-2015-7701
Memory leak in the CRYPTOASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service memory consumption...
Scientific Linux Security Update : ntp on SL7.x x86_64 (20161103)
Security Fixes : - It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntpcrypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker coul...
ntp security and bug fix update
4.2.6p5-25.0.1 - add disable monitor to default ntp.conf CVE-2013-5211 4.2.6p5-25 - don't allow spoofed packet to enable symmetric interleaved mode CVE-2016-1548 - check mode of new source in config command CVE-2016-2518 - make MAC check resilient against timing attack CVE-2016-1550 4.2.6p5-24 -...
Scientific Linux Security Update : ntp on SL6.x i386/x86_64 (20160510)
Security Fixes : - It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntpcrypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker coul...
F5 Networks BIG-IP : NTP vulnerability (K17517)
Memory leak in the CRYPTOASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service memory consumption. CVE-2015-7701 Impact An attacker could send packets to ntpd that may, after several days of ongoing attack, cause it to run...
SUSE SLES11 Security Update : ntp (SUSE-SU-2016:1311-1)
This network time protocol server ntp was updated to 4.2.8p6 to fix the following issues : Also yast2-ntp-client was updated to match some sntp syntax changes. bsc937837 Major functional changes : - The 'sntp' commandline tool changed its option handling in a major way. - 'controlkey 1' is added...
CentOS 6 : ntp (CESA-2016:0780)
An update for ntp is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
ntp, ntpdate security update
CentOS Errata and Security Advisory CESA-2016:0780 An update for ntp is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Oracle Linux 6 : ntp (ELSA-2016-0780)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-0780 advisory. - don't accept server/peer packets with zero origin timestamp CVE-2015-8138 - fix crash with reslist command CVE-2015-7977, CVE-2015-7978 - fix crash...
RHEL 6 : ntp (RHSA-2016:0780)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0780 advisory. The Network Time Protocol NTP is used to synchronize a computer's time with another referenced time source. These packages include the ntpd...
RedHat Update for ntp RHSA-2016:0780-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: Red Hat Security Advisory: ntp security and bug fix update
An update for ntp is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...