USN-4229-2: NTP vulnerability

USN-4229-1 fixed a vulnerability in NTP. This update provides the corresponding update for Ubuntu 18.04 ESM. Original advisory details: It was discovered that ntpq and ntpdc incorrectly handled some arguments. An attacker could possibly use this issue to cause ntpq or ntpdc to crash, execute...

Low: ntp

Issue Overview: The ntpq and ntpdc command-line utilities that are part of ntp package are vulnerable to stack-based buffer overflow via crafted hostname. Applications using these vulnerable utilities with an untrusted input may be potentially exploited, resulting in a crash or arbitrary code...

CVE-2018-12327

The ntpq and ntpdc command-line utilities that are part of ntp package are vulnerable to stack-based buffer overflow via crafted hostname. Applications using these vulnerable utilities with an untrusted input may be potentially exploited, resulting in a crash or arbitrary code execution under...

EulerOS Virtualization for ARM 64 3.0.1.0 : ntp (EulerOS-SA-2019-1398)

According to the version of the ntp packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - The ntpq and ntpdc command-line utilities that are part of ntp package are vulnerable to stack-based buffer overflow via...

Denial Of Service (DoS)

ntp is vulnerable to denial of service. A NULL pointer dereference flaw was found in the way ntpd processed ntpdc reslist commands that queried restriction lists with a large amount of entries. A remote attacker could potentially use this flaw to crash ntpd...

Weak Authentication

The Network Time Protocol NTP is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's cryptorecv, ctlputdata, and configure functions. A remote attacker could use either of these flaws to send a specially crafted request...

EulerOS Virtualization 2.5.3 : ntp (EulerOS-SA-2019-1207)

According to the version of the ntp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - The ntpq and ntpdc command-line utilities that are part of ntp package are vulnerable to stack-based buffer overflow via crafted...

SUSE SLES15 Security Update : ntp (SUSE-SU-2018:3386-1)

NTP was updated to 4.2.8p12 bsc1111853 : CVE-2018-12327: Fixed stack-based buffer overflow in the openhost command-line call of NTPQ/NTPDC. bsc1098531 CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection bsc1083424 Please also see...

Amazon Linux AMI : ntp (ALAS-2018-1083)

ntpd in ntp 4.2.x before 4.2.8p7 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for...

CVE-2015-7977

ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service NULL pointer dereference via a ntpdc reslist command...

Null pointer dereference

ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service NULL pointer dereference via a ntpdc reslist command...

AIX NTP v4 Advisory : ntp_advisory6.asc (IV83983) (IV83992)

The version of NTP installed on the remote AIX host is affected by the following vulnerabilities : - A flaw exists in the receive function due to the use of authenticated broadcast mode. A man-in-the-middle attacker can exploit this to conduct a replay attack. CVE-2015-7973 - A NULL pointer...

Network Time Protocol ntpq and ntpdc Origin Timestamp Disclosure Vulnerability

CERT VU357792 Summary To prevent off-path attackers from impersonating legitimate peers, clients require that the origin timestamp in a received response packet match the transmit timestamp from its last request to a given peer. Under assumption that only the recipient of the request packet will...

Network Time Protocol ntpq and ntpdc Infinite Loop Vulnerability

CERT VU357792 Summary ntpq processes incoming packets in a loop in getresponse. The loop’s only stopping conditions are receiving a complete and correct response or hitting a small number of error conditions. If the packet contains incorrect values that don’t trigger one of the error conditions,...

UBUNTU-CVE-2015-7977

ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service NULL pointer dereference via a ntpdc reslist command...

Ntpdc-4.2.6p3

ntpdc 4.2.6p3 bof @dronesec tested on x86 Ubuntu 12.04.5 LTS...

Ntpdc 4.2.6p3 - Local Buffer Overflow Exploit

Ntpdc version 4.2.6p3 suffers from a local buffer overflow vulnerability. Source: https://hatriot.github.io/blog/2015/01/06/ntpdc-exploit/ from os import system, environ from struct import pack import sys ntpdc 4.2.6p3 bof @dronesec tested on x86 Ubuntu 12.04.5 LTS IMAGEBASE = 0x80000000...

Ntpdc 4.2.6p3 - Local Buffer Overflow

Ntpdc 4.2.6p3 - Local Buffer Overflow Source: https://hatriot.github.io/blog/2015/01/06/ntpdc-exploit/ from os import system, environ from struct import pack import sys ntpdc 4.2.6p3 bof @dronesec tested on x86 Ubuntu 12.04.5 LTS IMAGEBASE = 0x80000000 LDINITIALOFFSET = 8900 LDTAILOFFSET = 1400...

Ntpdc 4.2.6p3 - Local Buffer Overflow

Source: https://hatriot.github.io/blog/2015/01/06/ntpdc-exploit/ from os import system, environ from struct import pack import sys ntpdc 4.2.6p3 bof @dronesec tested on x86 Ubuntu 12.04.5 LTS IMAGEBASE = 0x80000000 LDINITIALOFFSET = 8900 LDTAILOFFSET = 1400 sploit = "\x41" 485 junk sploit +=...

ntpd DRDoS / Amplification Attack using ntpdc monlist command

ntp.org reports: Unrestricted access to the monlist feature in ntprequest.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service traffic amplification via forged 1 REQMONGETLIST or 2 REQMONGETLIST1 requests, as exploited in the wild in December 2013 Use noquery to...