CVE-2015-7850
https://notcve.org/view.php?id=CVE-2015-7850
ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file. ntpd en NTP 4.2.x en versiones anteriores a la 4.2.8p4, y 4.3.x en versiones anteriores a la 4.3.77 permite que usuarios remotos autenticados provoquen una denegación de servicio (bucle infinito o caída del sistema) apuntando al archivo de claves en el archivo de log. • http://support.ntp.org/bin/view/Main/NtpBug2917 http://www.debian.org/security/2015/dsa-3388 http://www.securityfocus.com/bid/77279 http://www.securitytracker.com/id/1033951 https://bugzilla.redhat.com/show_bug.cgi?id=1274258 https://security.gentoo.org/glsa/201607-15 https://security.netapp.com/advisory/ntap-20171004-0001 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2015-7853
https://notcve.org/view.php?id=CVE-2015-7853
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value. El parámetro datalen en el driver reflock en NTP 4.2.x en versiones anteriores a la 4.2.8p4, y 4.3.x en versiones anteriores a la 4.3.77 permite que atacantes remotos ejecuten código arbitrario o provoquen una denegación de servicio utilizando un valor de entrada negativo. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html http://packetstormsecurity.com/files/134082/FreeBSD-Security-Advisory-ntp-Authenticatio • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2015-7854
https://notcve.org/view.php?id=CVE-2015-7854
Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file. Un desbordamiento de búfer en la funcionalidad de gestión de contraseñas en NTP 4.2.x en versiones anteriores a la 4.2.8p4, y 4.3.x en versiones anteriores a la 4.3.77 permite que usuarios remotos autenticados provoquen una denegación de servicio o la posibilidad de ejecutar código arbitrario empleando un archivo de claves manipulado. • http://support.ntp.org/bin/view/Main/NtpBug2921 http://www.securityfocus.com/bid/77277 http://www.securitytracker.com/id/1033951 https://bugzilla.redhat.com/show_bug.cgi?id=1274263 https://security.gentoo.org/glsa/201607-15 https://security.netapp.com/advisory/ntap-20171004-0001 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2014-9751 – ntp: drop packets with source address ::1
https://notcve.org/view.php?id=CVE-2014-9751
The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address. La función read_network_packet en ntp_io.c en ntpd en NTP 4.x en versiones anteriores a 4.2.8p1 en Linux y OS X no determina correctamente si una dirección IP fuente es una dirección IPv6 loopback, lo que facilita a atacantes remotos suplantar paquetes restringidos y leer o escribir en el estado runtime, aprovechando la habilidad para alcanzar la interfaz de red de la máquina ntpd con un paquete proveniente de la dirección ::1. It was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by spoofing ::1 addresses. • http://bugs.ntp.org/show_bug.cgi?id=2672 http://rhn.redhat.com/errata/RHSA-2015-1459.html http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne http://www.debian.org/security/2015/dsa-3388 http://www.kb.cert.org/vuls/id/852879 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/72584 https://bugzilla.redhat.com/show_bug.cgi?id=1184572 https://support.hpe.com/hpsc/doc/public • CWE-20: Improper Input Validation •
CVE-2014-9750 – ntp: vallen in extension fields are not validated
https://notcve.org/view.php?id=CVE-2014-9750
ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field. ntp_crypto.c en ntpd en NTP 4.x en versiones anteriores a 4.2.8p1, cuando Autokey Authentication está habilitada, permite a atacantes remotos obtener información sensible de la memoria de proceso o causar una denegación de servicio (caída del demonio) a través de un paquete que contiene un campo extension con un valor no válido para la longitud de su campo de valor. A stack-based buffer overflow was found in the way the NTP autokey protocol was implemented. When an NTP client decrypted a secret received from an NTP server, it could cause that client to crash. • http://bugs.ntp.org/show_bug.cgi?id=2671 http://rhn.redhat.com/errata/RHSA-2015-1459.html http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne http://www.debian.org/security/2015/dsa-3388 http://www.kb.cert.org/vuls/id/852879 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/72583 https://bugzilla.redhat.com/show_bug.cgi?id=1184573 https://support.hpe.com/hpsc/doc/public • CWE-20: Improper Input Validation •