PT-2024-2258 · Unknown · Trace Mode 7

Name of the Vulnerable Software and Affected Versions: TRACE MODE 7 affected versions not specified Description: The issue is related to the storage of confidential information in unencrypted form in memory. Exploitation of this issue could allow an attacker to gain unauthorized access to protect...

CVE-2019-1967 Cisco NX-OS Software Network Time Protocol Denial of Service Vulnerability

A vulnerability in the Network Time Protocol NTP feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to excessive use of system resources when the affected device is logging a dr...

CVE-2019-1967 Cisco NX-OS Software Network Time Protocol Denial of Service Vulnerability

A vulnerability in the Network Time Protocol NTP feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to excessive use of system resources when the affected device is logging a dr...

Cisco NX-OS Software Network Time Protocol Denial of Service Vulnerability

A vulnerability in the Network Time Protocol NTP feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to excessive use of system resources when the affected device is logging a dr...

CVE-2015-7855

CVE-2015-7855 affects ntpd in NTP 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77. The decodenetnum() function can assert-botch when processing mode 6 or mode 7 packets with an unusually long data value, enabling a remote attacker to cause ntpd to crash (denial of service). Public references indicat...

openSUSE Security Update : ntp (openSUSE-2016-649)

This update for ntp fixes the following issues : - Update to 4.2.8p7 boo977446 : - CVE-2016-1547, boo977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS. - CVE-2016-1548, boo977461: Interleave-pivot - CVE-2016-1549, boo977451: Sybil vulnerability: ephemeral association attack. - CVE-2016-1550,...

Network Time Protocol Private Mode 'reslist' Stack Memory Exhaustion Vulnerability

CERT VU357792 Summary An unauthenticated ntpdc reslist command can cause a segmentation fault in ntpd by exhausting the call stack. The following conditions must be met: 1. Mode 7 must be enabled. By default, mode 7 is disabled. 2. A large enough number of entries must be in the restrict lists to...

Network Time Protocol Private Mode 'reslist' NULL Pointer Dereference Vulnerability

Summary An unauthenticated ntpdc reslist command can cause a segmentation fault in ntpd by causing a NULL pointer dereference. The following conditions must be met: 1. Mode 7 must be enabled. By default, mode 7 is disabled. 2. A large enough number of entries must exist in the restrict list to...

SOL17515 - NTP vulnerability CVE-2015-7855

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

Network Time Protocol Daemon (ntpd) 3.x / 4.x < 4.2.8p4 Multiple Vulnerabilities

The version of the remote NTP server is 3.x or 4.x prior to 4.2.8p4. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the ntpcrypto.c file due to improper validation of the 'vallen' value in extension fields. An unauthenticated, remote attacker can exploit this, vi...

Oracle: Security Advisory (ELSA-2009-1648)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OracleVM 3.2 : ntp (OVMSA-2015-0001)

The remote OracleVM system is missing necessary patches to address critical security updates : - Remove default ntp servers in ntp.conf bug 14342986 - don't generate weak control key for resolver CVE-2014-9293 - don't generate weak MD5 keys in ntp-keygen CVE-2014-9294 - fix buffer overflows via...

OracleVM 2.2 : ntp (OVMSA-2009-0036)

The remote OracleVM system is missing necessary patches to address critical security updates : - fix DoS with mode 7 packets 532639, CVE-2009-3563 - compile with -fno-strict-aliasing %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The package checks in this plugin were extracted from OracleV...

Network Time Foundation ntpd Service Network Traffic Amplification Issue

A vulnerability in the Network Time Protocol NTP package of several Cisco products could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to processing MODEPRIVATE Mode 7 NTP control messages, which have a large...

AIX 5.3 TL 11 : xntpd (IZ71610)

'NTP mode 7 MODEPRIVATE is used by the ntpdc query and control utility. In contrast, ntpq uses NTP mode 6 MODECONTROL, while routine NTP time transfers use modes 1 through 5. Upon receipt of an incorrect mode 7 request or a mode 7 error response from an address that is not listed in a 'restrict...

AIX 6.1 TL 2 : xntpd (IZ71613)

'NTP mode 7 MODEPRIVATE is used by the ntpdc query and control utility. In contrast, ntpq uses NTP mode 6 MODECONTROL, while routine NTP time transfers use modes 1 through 5. Upon receipt of an incorrect mode 7 request or a mode 7 error response from an address that is not listed in a 'restrict...

AIX 6.1 TL 4 : xntpd (IZ71071)

'NTP mode 7 MODEPRIVATE is used by the ntpdc query and control utility. In contrast, ntpq uses NTP mode 6 MODECONTROL, while routine NTP time transfers use modes 1 through 5. Upon receipt of an incorrect mode 7 request or a mode 7 error response from an address that is not listed in a 'restrict...

AIX 5.3 TL 8 : xntpd (IZ68659)

'NTP mode 7 MODEPRIVATE is used by the ntpdc query and control utility. In contrast, ntpq uses NTP mode 6 MODECONTROL, while routine NTP time transfers use modes 1 through 5. Upon receipt of an incorrect mode 7 request or a mode 7 error response from an address that is not listed in a 'restrict...

AIX 6.1 TL 3 : xntpd (IZ71614)

'NTP mode 7 MODEPRIVATE is used by the ntpdc query and control utility. In contrast, ntpq uses NTP mode 6 MODECONTROL, while routine NTP time transfers use modes 1 through 5. Upon receipt of an incorrect mode 7 request or a mode 7 error response from an address that is not listed in a 'restrict...

AIX 5.3 TL 10 : xntpd (IZ71608)

'NTP mode 7 MODEPRIVATE is used by the ntpdc query and control utility. In contrast, ntpq uses NTP mode 6 MODECONTROL, while routine NTP time transfers use modes 1 through 5. Upon receipt of an incorrect mode 7 request or a mode 7 error response from an address that is not listed in a 'restrict...