EUVD-2015-7747

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2018-12327

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long...

Ubuntu 18.04 ESM : NTP vulnerability (USN-4229-2)

The remote Ubuntu 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-4229-2 advisory. USN-4229-1 fixed a vulnerability in NTP. This update provides the corresponding update for Ubuntu 18.04 ESM. Tenable has extracted the preceding description block...

SUSE CVE-2018-7184

ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service disruption by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the mos...

Design/Logic Flaw

ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service memory consumption by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file...

PT-2020-2999 · Nts +7 · Ntp +7

Name of the Vulnerable Software and Affected Versions: ntp versions 4.2.8 through 4.2.8p14 ntp versions 4.3.x through 4.3.100 Description: The issue allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address. This is because...

Linux: Read /etc/ntp.conf (KB)

The ntpd program is an operating system daemon which sets and maintains the system time of day in synchronism with Internet standard time servers. It is a complete implementation of the Network Time Protocol NTP version 4, but also retains compatibility with version 3, as defined by RFC-1305, and...

NewStart CGSL CORE 5.05 / MAIN 5.05 : ntp Vulnerability (NS-SA-2019-0255)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has ntp packages installed that are affected by a vulnerability: - Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long...

CVE-2019-8936

NTP through 4.2.8p12 has a NULL Pointer Dereference...

Security update for ntp (moderate)

This update for NTP to version 4.2.8p12 fixes the following vulnerabilities bsc1111853: - CVE-2018-12327: Fixed stack buffer overflow in the openhost command-line call of NTPQ/NTPDC. bsc1098531 - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing...

ntp 4.2.8p11 Local Buffer Overflow

Exploit Title: ntpq and ntpdc 4.2.8p11 Local Buffer Overflow Date: 2018-06-06 Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: http://www.ntp.org/ Software Link: http://www.ntp.org/downloads.html Version: 4.2.8p11 and earlier Tested on: 4.2.8p11 CVE : CVE-2018-12327 Stack-based buffer...

CVE-2018-12327

Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which nt...

CVE-2015-7701

Memory leak in the CRYPTOASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service memory consumption...

CVE-2015-7855

The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service assertion failure via a 6 or mode 7 packet containing a long data value...

SUSE-SU-2017:1052-1 Security update for ntp

This ntp update to version 4.2.8p10 fixes the following issues: Security issues fixed bsc1030050: - CVE-2017-6464: Denial of Service via Malformed Config - CVE-2017-6462: Buffer Overflow in DPTS Clock - CVE-2017-6463: Authenticated DoS via Malicious Config Option - CVE-2017-6458: Potential...

CVE-2017-6463

NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service daemon crash via an invalid setting in a :config directive, related to the unpeer option...

DEBIAN-CVE-2016-9311

ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service NULL pointer dereference and crash via a crafted packet...

SUSE-SU-2016:1247-1 Security update for ntp

ntp was updated to version 4.2.8p6 to fix 28 security issues. Major functional changes: - The 'sntp' commandline tool changed its option handling in a major way, some options have been renamed or dropped. - 'controlkey 1' is added during update to ntp.conf to allow sntp to work. - The local clock...

SUSE-SU-2016:1177-1 Security update for ntp

ntp was updated to version 4.2.8p6 to fix 12 security issues. Also yast2-ntp-client was updated to match some sntp syntax changes. bsc937837 These security issues were fixed: - CVE-2015-8158: Fixed potential infinite loop in ntpq bsc962966. - CVE-2015-8138: Zero Origin Timestamp Bypass bsc963002....

Network Time Protocol Crypto-NAK Preemptible Association Denial of Service Vulnerability

SUMMARY An off-path attacker can cause a preemptible client association to be demobilized by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled. Furthermore, if the attacker keeps sending cryp...