21 matches found
MiracleLinux 4 : ntp-4.2.6p5-5.4.0.1.AXS4 (AXSA:2016-045:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-045:01 advisory. The Network Time Protocol NTP is used to synchronize a computer's time with another reference time source. This package includes ntpd a daemon which...
Linux Distros Unpatched Vulnerability : CVE-2015-7974
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers...
EulerOS 2.0 SP11 : ntp (EulerOS-SA-2023-2658)
According to the versions of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cpcpdec while loop. An adversary may be able to attack a client ntpq...
Updated ntp packages fix security vulnerability
Updated ntp packages fix security vulnerability: ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service memory consumption by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC...
Moderate: Red Hat Security Advisory: ntp security update
An update for ntp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
MGASA-2020-0212 Updated ntp packages fix security vulnerability
The updated packages fix security vulnerabilities including: ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packe...
NewStart CGSL CORE 5.04 / MAIN 5.04 : ntp Vulnerability (NS-SA-2019-0206)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ntp packages installed that are affected by a vulnerability: - Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long...
MGASA-2019-0140 Updated ntp packages fix security vulnerability
A null pointer exception which could allow an authenticated attacker to cause segmentation fault to ntpd. CVE-2019-8936...
Updated ntp packages fix security vulnerability
A null pointer exception which could allow an authenticated attacker to cause segmentation fault to ntpd. CVE-2019-8936...
MGASA-2018-0371 Updated ntp packages fix security vulnerability
Updated ntp packages fix security vulnerability: Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter CVE-2018-12327...
MGASA-2018-0195 Updated ntp packages fix security vulnerabilities
This release addresses five security issues in ntpd for Mageia 6: LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU961909: Sybil vulnerability: ephemeral association attack While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. Reported by Matt Van Gundy of...
Updated ntp packages fix security vulnerability
ntpq and ntpdc disclose the origin timestamp to unauthenticated clients, which may allow an attacker to impersonate a legitimate peer CVE-2015-8139. An attacker who is able to spoof packets with correct origin timestamps from enough servers before the expected response packets arrive at the targe...
MGASA-2016-0174 Updated ntp packages fix security vulnerabilities
Updated ntp packages fix security vulnerabilities: It is possible to change the time of an ntpd client or deny service to an ntpd client by forcing it to change from basic client/server mode to interleaved symmetric mode. An attacker can spoof a packet from a legitimate ntpd server with an origin...
[slackware-security] ntp
New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/ntp-4.2.8p4-i486-1slack14.1.txz: Upgraded. In addition to bug fixes and enhancements, this release fixes severa...
Updated ntp packages fix security vulnerabilities
Updated ntp packages fix security vulnerability: A flaw was found in the way ntpd processed certain remote configuration packets. An attacker could use a specially crafted package to cause ntpd to crash if the attacker had authenticated access to remote ntpd configuration CVE-2015-5146. It was...
MGASA-2015-0348 Updated ntp packages fix security vulnerabilities
Updated ntp packages fix security vulnerability: A flaw was found in the way ntpd processed certain remote configuration packets. An attacker could use a specially crafted package to cause ntpd to crash if the attacker had authenticated access to remote ntpd configuration CVE-2015-5146. It was...
[slackware-security] ntp (SSA:2015-188-03)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security ntp SSA:2015-188-03 New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...
[slackware-security] ntp
New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/ntp-4.2.8p3-i486-1slack14.1.txz: Upgraded. This update fixes a security issue where under specific circumstanc...
MGASA-2015-0063 Updated ntp packages fix security vulnerabilities
Updated ntp packages fix security vulnerabilities: Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in...
DSA-3154-2 ntp - incomplete fix
Bulletin has no description...