EUVD-2016-2577

Malware in sbrugna...

EUVD-2016-7230

Malware in sbrugna...

RHEL 5 : busybox (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - busybox: heap-based buffer overflow in OPTION6RD parsing CVE-2016-2148 - Integer overflow in the DHCP...

GHSA-QWHM-H7V3-MRJX Improper handling of NTS cookie length that could crash the ntpd-rs server

Impact ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes when it is not configured to handle NTS...

SUSE SLED15 / SLES15 Security Update : busybox (SUSE-SU-2022:0135-1)

The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0135-1 advisory. - Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point...

Denial Of Service (DoS)

busybox is vulnerable to denial of service. The recvandprocessclientpkt function in networking/ntpd.c allows remote attackers to cause a excessive CPU and bandwidth consumption via a malicious NTP packet, which triggers a communication loop...

CVE-2020-13817

A high-performance ntpd instance that gets its time from unauthenticated IPv4 time sources may be vulnerable to an off-path attacker who can query time from the victim's ntpd instance. An attacker who can send a large number of packets with the spoofed IPv4 address of the upstream server can use...

NTPsec ntpd ctl_getitem Out of Bounds Read (CVE-2019-6443)

An out of bounds read vulnerability has been reported in NTPsec ntpd. The vulnerability is due to insufficient validation of the length of a message in a NTP packet. A remote unauthenticated user can exploit this vulnerability by sending a crafted packet to the target server...

CVE-2015-5219

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service infinite loop via a crafted NTP packet...

CVE-2015-5219

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service infinite loop via a crafted NTP packet...

Type confusion

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service infinite loop via a crafted NTP packet...

CVE-2015-5219

CVE-2015-5219 affects the Network Time Protocol (NTP) SNTP components, specifically the sntp utility, prior to version 4.2.7p366. The root cause is an incorrect type conversion in the ULOGTOD function (precision → double) which can cause a crafted NTP packet to trigger an infinite loop in sntp, l...

CVE-2015-5219

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service infinite loop via a crafted NTP packet...

CVE-2015-5219

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service infinite loop via a crafted NTP packet...

BusyBox: Denial of service

Background BusyBox is a set of tools for embedded systems and is a replacement for GNU Coreutils. Description The recvandprocessclientpkt function in networking/ntpd.c in BusyBox allows remote attackers to cause a Denial of Service CPU and bandwidth consumption via a forged NTP packet, which...

CVE-2016-6301

The recvandprocessclientpkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service CPU and bandwidth consumption via a forged NTP packet, which triggers a communication loop...

CVE-2016-6301

The recvandprocessclientpkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service CPU and bandwidth consumption via a forged NTP packet, which triggers a communication loop...

CVE-2016-6301

The recvandprocessclientpkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service CPU and bandwidth consumption via a forged NTP packet, which triggers a communication loop...

CVE-2016-6301

The recvandprocessclientpkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service CPU and bandwidth consumption via a forged NTP packet, which triggers a communication loop...

ntp: ntpq atoascii memory corruption vulnerability

An off-by-one flaw, leading to a buffer overflow, was found in cookedprint functionality of ntpq. A specially crafted NTP packet could potentially cause ntpq to crash...