EUVD-2016-6068

Malware in sbrugna...

K94408282: OpenNTPD vulnerability CVE-2016-5117

Security Advisory Description OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate. CVE-2016-5117 Impact There is no impact; F5 products a...

Mageia: Security Advisory (MGASA-2016-0277)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2016-5117

OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate...

CVE-2016-5117

OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate...

DEBIAN-CVE-2016-5117

OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate...

CVE-2016-5117

OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate...

Design/Logic Flaw

OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate...

CVE-2016-5117

OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate...

CVE-2016-5117

OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate...

CVE-2016-5117

CVE-2016-5117 affects OpenNTPD before 6.0p1. The vulnerability is that OpenNTPD does not validate the CN for HTTPS constraint requests, allowing remote attackers to bypass MITM mitigations via a crafted timestamp constraint with a valid certificate. The documented remediation is to upgrade to Ope...

Updated openntpd/busybox packages fix security vulnerability

The busybox NTP implementation doesn't check the NTP mode of packets received on the server port and responds to any packet with the right size. This includes responses from another NTP server. An attacker can send a packet with a spoofed source address in order to create an infinite loop of...

OpenNTPD Design Vulnerabilities

OpenNTPD is a network time protocol NTP for Unix systems that can synchronize a computer system's local clock with a remote NTP server. A security vulnerability exists in OpenNTPD that stems from a failure to validate the Common Name when the program is configured for HTTPS requests, which could ...