36 matches found
CVE-2019-25380
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dhcp.cgi script. The vulnerability enables attackers to inject JavaScript via posted parameters (e.g., BOOT_SERVER, BOOT_FILE, BOOT_ROOT, START_ADDR, END_ADDR, DNS1, DNS2, NTP1,...
NTP Mode 7 PEER_LIST Denial Of Service Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NTP Mode 7 PEER_LIST DoS Scanner', 'Description' = %q This module identifies NTP servers which permit "PEER_LIST" queries and return responses that...
NTP Mode 7 PEER_LIST_SUM Denial Of Service Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NTP Mode 7 PEER_LIST_SUM DoS Scanner', 'Description' = %q This module identifies NTP servers which permit "PEER_LIST_SUM" queries and return response...
NTP Monitor List Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NTP Monitor List Scanner', 'Description' = %q This module identifies NTP servers which permit "monlist" queries and obtains the recent clients...
CVE-2022-36786
DLINK - DSL-224 Post-auth RCE. DLINK router version 3.0.8 has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router...
A bug is about to confuse a lot of computers by turning back time 20 years
For those of you that remember the fuss about the Y2K bug, this story may sound familiar. The Cybersecurity & Infrastructure Security Agency (CISA) has issued a warning to Critical Infrastructure (CI) owners and operators, and other users who get the time from GPS, about a GPS Daemon (GPSD) bug in GPSD...
GPS Daemon (GPSD) Rollover Bug
Critical Infrastructure (CI) owners and operators, and other users who obtain Coordinated Universal Time (UTC) from Global Positioning System (GPS) devices, should be aware of a GPS Daemon (GPSD) bug in GPSD versions 3.20 (released December 31, 2019) through 3.22 (released January 8, 2021). On October 24,...
CVE-2021-22212
ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and the placement of the ''. This results in the administrator not bein...
NICER Protocol Deep Dive: Internet Exposure of NTP
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...
F5 Networks BIG-IP : NTP vulnerabilities (K55376430)
The version of F5 Networks BIG-IP installed on the remote host is prior to 11.6.5.3 / 12.1.5.3 / 13.1.3.6 / 14.1.4 / 15.1.2.1 / 16.0.1.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K55376430 advisory. The ntpd in the network time protocol (NTP) before 4.2.8p14, and in...
CVE-2018-4851
A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could cause a Denial-of-Service condition by sending certain packets to the device, causing potential reboots of the device. The core functionality of th...
openSUSE Security Update : systemd (openSUSE-2018-216)
This update for systemd fixes the following issues : Security issue fixed : - CVE-2017-18078: tmpfiles: refuse to chown/chmod files which are hardlinked, unless protected_hardlinks sysctl is on. This could be used by local attackers to gain privileges bsc1077925 Non Security issues fixed : - core:...
SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2018:0546-1)
This update for systemd fixes the following issues: Security issue fixed : - CVE-2017-18078: tmpfiles: refuse to chown/chmod files which are hardlinked, unless protected_hardlinks sysctl is on. This could be used by local attackers to gain privileges bsc1077925 Non Security issues fixed : - core:...
Network Time Protocol Daemon peer xmit mode Denial of Service (CVE-2017-6464)
A denial of service vulnerability exists in the Network Time Protocol daemon (NTPD). The vulnerability is due to a lack of input validation on the mode parameter in peerxmit when configuring ntp servers. A remote, authenticated attacker can exploit this vulnerability by sending a crafted packet to...
Stack buffer overflow vulnerability in multiple Meinberg products (CNVD-2016-04404)
Meinberg IMS-LANTIME M3000 and others are NTP time servers from Meinberg, Germany. A stack buffer overflow vulnerability exists in several Meinberg products, which can be exploited by remote attackers to cause a buffer overflow with the help of parameters in a POST request...
SOL01324833 - NTP vulnerability CVE-2015-8158
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
Moderate: Red Hat Security Advisory: chrony security, bug fix, and enhancement update
Updated chrony packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
NTP Servers Symmetric Association Authentication Bypass (CVE-2015-7871)
A logical flaw exists in NTP servers when handling certain crypto-NAK packets, allowing attackers to bypass the target server's authentication. A remote attacker can leverage this flaw by sending a specially crafted request, and manipulate the server system's time...
Novel NTP Attacks Roll Back Time
Sharon Goldberg remembers the cold February day when her Boston University PhD candidate Aanchal Malhotra was studying routing security, in particular, attacks against the resource public key infrastructure (RPKI)—and kept hitting a dead end because of a cache-flushing issue. The resourceful Malhot...