Debian: Security Advisory (DSA-3388-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Check Point response to NTP "panic threshold" Bypass Vulnerability (CVE-2015-5300)

...

Oracle Linux 7 : ntp (ELSA-2015-2231)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-2231 advisory. - check origin timestamp before accepting KoD RATE packet CVE-2015-7704 - allow only one step larger than panic threshold with -g CVE-2015-5300 -...

[SECURITY] [DSA 3388-1] ntp security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3388-1 [email protected] https://www.debian.org/security/ Kurt Roeckx November 01, 2015 https://www.debian.org/security/faq -...

Ubuntu 14.04 LTS : NTP vulnerabilities (USN-2783-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2783-1 advisory. Aleksis Kauppinen discovered that NTP incorrectly handled certain remote config packets. In a non-default configuration, a remote authenticated attacker...

ntp: MITM attacker can force ntpd to make a step larger than the panic threshold

It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. A man-in-the-middle attacker able to intercept NTP traffic between a connecting client and an NTP server could use this flaw to force that clien...