EUVD-2016-2577

Malware in sbrugna...

EUVD-2016-7230

Malware in sbrugna...

RHEL 5 : busybox (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - busybox: heap-based buffer overflow in OPTION6RD parsing CVE-2016-2148 - Integer overflow in the DHCP...

GHSA-QWHM-H7V3-MRJX Improper handling of NTS cookie length that could crash the ntpd-rs server

Impact ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes when it is not configured to handle NTS...

SUSE SLED15 / SLES15 Security Update : busybox (SUSE-SU-2022:0135-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0135-1 advisory. - CVE-2011-5325: Fixed tar directory traversal bsc951562. - CVE-2015-9261: Fixed segfalts and application...

Denial Of Service (DoS)

busybox is vulnerable to denial of service. The recvandprocessclientpkt function in networking/ntpd.c allows remote attackers to cause a excessive CPU and bandwidth consumption via a malicious NTP packet, which triggers a communication loop...

CVE-2020-13817

A high-performance ntpd instance that gets its time from unauthenticated IPv4 time sources may be vulnerable to an off-path attacker who can query time from the victim's ntpd instance. An attacker who can send a large number of packets with the spoofed IPv4 address of the upstream server can use...

NTPsec ntpd ctl_getitem Out of Bounds Read (CVE-2019-6443)

An out of bounds read vulnerability has been reported in NTPsec ntpd. The vulnerability is due to insufficient validation of the length of a message in a NTP packet. A remote unauthenticated user can exploit this vulnerability by sending a crafted packet to the target server...

CVE-2015-5219

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service infinite loop via a crafted NTP packet...

Type confusion

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service infinite loop via a crafted NTP packet...

CVE-2015-5219

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service infinite loop via a crafted NTP packet...

CVE-2015-5219

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service infinite loop via a crafted NTP packet...

CVE-2015-5219

CVE-2015-5219 affects the Network Time Protocol (NTP) SNTP components, specifically the sntp utility, prior to version 4.2.7p366. The root cause is an incorrect type conversion in the ULOGTOD function (precision → double) which can cause a crafted NTP packet to trigger an infinite loop in sntp, l...

CVE-2015-5219

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service infinite loop via a crafted NTP packet...

BusyBox: Denial of service

Background BusyBox is a set of tools for embedded systems and is a replacement for GNU Coreutils. Description The recvandprocessclientpkt function in networking/ntpd.c in BusyBox allows remote attackers to cause a Denial of Service CPU and bandwidth consumption via a forged NTP packet, which...

CVE-2016-6301

The recvandprocessclientpkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service CPU and bandwidth consumption via a forged NTP packet, which triggers a communication loop...

CVE-2016-6301

The recvandprocessclientpkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service CPU and bandwidth consumption via a forged NTP packet, which triggers a communication loop...

CVE-2016-6301

The recvandprocessclientpkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service CPU and bandwidth consumption via a forged NTP packet, which triggers a communication loop...

CVE-2016-6301

The recvandprocessclientpkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service CPU and bandwidth consumption via a forged NTP packet, which triggers a communication loop...

ntp: ntpq atoascii memory corruption vulnerability

An off-by-one flaw, leading to a buffer overflow, was found in cookedprint functionality of ntpq. A specially crafted NTP packet could potentially cause ntpq to crash...