21 matches found
USN-4229-2: NTP vulnerability
USN-4229-1 fixed a vulnerability in NTP. This update provides the corresponding update for Ubuntu 18.04 ESM. Original advisory details: It was discovered that ntpq and ntpdc incorrectly handled some arguments. An attacker could possibly use this issue to cause ntpq or ntpdc to crash, execute...
Low: ntp
Issue Overview: The ntpq and ntpdc command-line utilities that are part of ntp package are vulnerable to stack-based buffer overflow via crafted hostname. Applications using these vulnerable utilities with an untrusted input may be potentially exploited, resulting in a crash or arbitrary code...
CVE-2018-12327
The ntpq and ntpdc command-line utilities that are part of ntp package are vulnerable to stack-based buffer overflow via crafted hostname. Applications using these vulnerable utilities with an untrusted input may be potentially exploited, resulting in a crash or arbitrary code execution under...
EulerOS Virtualization for ARM 64 3.0.1.0 : ntp (EulerOS-SA-2019-1398)
According to the version of the ntp packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability: The ntpq and ntpdc command-line utilities that are part of ntp package are vulnerable to stack-based buffer overflow via...
Denial Of Service (DoS)
ntp is vulnerable to denial of service. A NULL pointer dereference flaw was found in the way ntpd processed ntpdc reslist commands that queried restriction lists with a large amount of entries. A remote attacker could potentially use this flaw to crash ntpd...
Weak Authentication
The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request...
EulerOS Virtualization 2.5.3 : ntp (EulerOS-SA-2019-1207)
According to the version of the ntp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability: The ntpq and ntpdc command-line utilities that are part of ntp package are vulnerable to stack-based buffer overflow via crafted...
SUSE SLES15 Security Update : ntp (SUSE-SU-2018:3386-1)
NTP was updated to 4.2.8p12 (bsc1111853): CVE-2018-12327: Fixed stack-based buffer overflow in the openhost command-line call of NTPQ/NTPDC (bsc1098531). CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection (bsc1083424). Please also see...
Amazon Linux AMI : ntp (ALAS-2018-1083)
ntpd in ntp 4.2.x before 4.2.8p7 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for...
Null pointer dereference
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command...
CVE-2015-7977
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command...
AIX NTP v4 Advisory : ntp_advisory6.asc (IV83983) (IV83992)
The version of NTP installed on the remote AIX host is affected by the following vulnerabilities: A flaw exists in the receive function due to the use of authenticated broadcast mode. A man-in-the-middle attacker can exploit this to conduct a replay attack (CVE-2015-7973). A NULL pointer...
Network Time Protocol ntpq and ntpdc Infinite Loop Vulnerability
CERT VU357792. Summary: ntpq processes incoming packets in a loop in getresponse. The loop’s only stopping conditions are receiving a complete and correct response or hitting a small number of error conditions. If the packet contains incorrect values that don’t trigger one of the error conditions,...
Network Time Protocol ntpq and ntpdc Origin Timestamp Disclosure Vulnerability
CERT VU357792. Summary: To prevent off-path attackers from impersonating legitimate peers, clients require that the origin timestamp in a received response packet match the transmit timestamp from its last request to a given peer. Under assumption that only the recipient of the request packet will...
UBUNTU-CVE-2015-7977
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command...
Ntpdc-4.2.6p3
ntpdc 4.2.6p3 bof @dronesec tested on x86 Ubuntu 12.04.5 LTS...
Ntpdc 4.2.6p3 - Local Buffer Overflow Exploit
Ntpdc version 4.2.6p3 suffers from a local buffer overflow vulnerability. Source: https://hatriot.github.io/blog/2015/01/06/ntpdc-exploit/ from os import system, environ from struct import pack import sys ntpdc 4.2.6p3 bof @dronesec tested on x86 Ubuntu 12.04.5 LTS IMAGEBASE = 0x80000000...
Ntpdc 4.2.6p3 - Local Buffer Overflow
Source: https://hatriot.github.io/blog/2015/01/06/ntpdc-exploit/ from os import system, environ from struct import pack import sys ntpdc 4.2.6p3 bof @dronesec tested on x86 Ubuntu 12.04.5 LTS IMAGEBASE = 0x80000000 LDINITIALOFFSET = 8900 LDTAILOFFSET = 1400 sploit = "\x41" 485 junk sploit +=...
Ntpdc 4.2.6p3 - Local Buffer Overflow
Source: https://hatriot.github.io/blog/2015/01/06/ntpdc-exploit/ from os import system, environ from struct import pack import sys ntpdc 4.2.6p3 bof @dronesec tested on x86 Ubuntu 12.04.5 LTS IMAGEBASE = 0x80000000 LDINITIALOFFSET = 8900 LDTAILOFFSET = 1400...
ntpd DRDoS / Amplification Attack using ntpdc monlist command
ntp.org reports: Unrestricted access to the monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. Use noquery to...