K07082049: NTP vulnerability CVE-2017-6462

Security Advisory Description Buffer overflow in the legacy Datum Programmable Time Server DPTS refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device. CVE-2017-6462 Impact This vulnerability allows local users ...

K17525: NTP vulnerability CVE-2015-7853

Security Advisory Description The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service crash via a negative input value. CVE-2015-7853 Impact Running a custom refclock driver in...

SUSE CVE-2015-7853

The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service crash via a negative input value...

Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2019-2066)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2019-1222)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP3 : ntp (EulerOS-SA-2019-2066)

According to the versions of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number o...

EulerOS Virtualization 3.0.1.0 : ntp (EulerOS-SA-2019-1557)

According to the versions of the ntp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was found that ntpd did not check whether a Message Authentication Code MAC was present in a received packet when ntpd was...

OracleVM 3.3 / 3.4 : ntp (OVMSA-2018-0290)

The remote OracleVM system is missing necessary patches to address critical security updates : - add disable monitor to default ntp.conf CVE-2013-5211 - fix buffer overflow in parsing of address in ntpq and ntpdc CVE-2018-12327 - fix CVE-2016-7429 patch to work correctly on multicast client 14229...

Input validation

The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service crash via a negative input value...

CVE-2015-7853

The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service crash via a negative input value...

DEBIAN-CVE-2015-7853

The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service crash via a negative input value...

NTP Local Buffer Overflow Vulnerability

NTP is a network protocol that synchronizes the clocks of two computers by exchanging packets. An NTP program running a custom refclock driver fails to check for a negative value of the 'datalen' parameter, allowing a local attacker to exploit the vulnerability for denial of service attacks...

UBUNTU-CVE-2015-7853

The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service crash via a negative input value...

CVE-2015-7853

The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service crash via a negative input value...