CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 1CVE-2014-9293 – ntp: automatic generation of weak default key in config_auth()
https://notcve.org/view.php?id=CVE-2014-9293
The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. La función config_auth en ntpd en NTP anterior a 4.2.7p11, cuando no se configura una clave de autenticación, incorréctamente genera una clave, esto hace que atacantes remotos puedan romper los mecanismos de protección fácilmente mediante un ataque de fuerza bruta. It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests. • http://advisories.mageia.org/MGASA-2014-0541.html http://bk1.ntp.org/ntp-dev/ntpd/ntp_config.c?PAGE=diffs&REV=4b6089c5KXhXqZqocF0DMXnQQsjOuw http://bugs.ntp.org/show_bug.cgi?id=2665 http://marc.info/?l=bugtraq&m=142469153211996&w=2 http://marc.info/?l=bugtraq&m=142590659431171&w=2 http://marc.info/? • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 7.5EPSS: 96%CPEs: 1EXPL: 3CVE-2014-9295 – ntp: Multiple buffer overflows via specially-crafted packets
https://notcve.org/view.php?id=CVE-2014-9295
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function. Múltiples desbordamientos de buffer en ntpd en NTP anterior a 4.2.8, permite a atacantes remotos la ejecución de código arbitrario mediante un paquete manipulado, relacionado con (1) la función crypto_recv cuando se utiliza la característica Autokey Authentication, (2) la función ctl_putdata y (3) la función de configuración. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit. • http://advisories.mageia.org/MGASA-2014-0541.html http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acc4dN1TbM1tRJrbPcA4yc1aTdA http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acdf3tUSFizXcv_X4b77Jt_Y-cg http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acf55dxKfhb6MuYQwzu8eDlS97g http://bugs.ntp.org/show_bug.cgi?id=2667 http://bugs.ntp.org/show_bug.cgi? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 96%CPEs: 31EXPL: 2CVE-2013-5211 – NTP ntpd monlist Query Reflection - Denial of Service
https://notcve.org/view.php?id=CVE-2013-5211
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. La característica monlist en ntp_request.c en ntpd en NTP antes 4.2.7p26 permite a atacantes remotos provocar una denegación de servicio (amplificación de tráfico) a través de solicitudes (1) REQ_MON_GETLIST o (2) solicitudes REQ_MON_GETLIST_1, como han sido explotados en diciembre de 2013. Detect UDP endpoints with UDP amplification vulnerabilities. • https://www.exploit-db.com/exploits/33073 https://github.com/0xhav0c/CVE-2013-5211 http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc http://bugs.ntp.org/show_bug.cgi?id=1532 http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04 http://lists.ntp.org/pipermail/pool/2011-December/005616.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html http://marc.info/?l=bugtraq&m=138971294629419&w=2 http://marc.info/?l=bugtraq&m=144182594518 • CWE-20: Improper Input Validation •
CVSS: 6.4EPSS: 96%CPEs: 21EXPL: 0CVE-2009-3563 – ntpd: DoS with mode 7 packets (VU#568372)
https://notcve.org/view.php?id=CVE-2009-3563
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. ntp_request.c en ntpd en NTP anterior v4.2.4p8, y v4.2.5, permite a atacantes remotos causar una denegación de servicio (consumo de CPU y ancho de banda) por uso de MODE_PRIVATE para enviar una suplantación de (1) petición o (2) paquete respueta lo que lanza continuo intercambio de errores de respuesta MODE_PRIVATE entre dos demonios NTP. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://marc.info/?l=bugtraq&m=130168580504508&w=2 http://marc.info/? •
CVSS: 6.8EPSS: 96%CPEs: 78EXPL: 0CVE-2009-1252 – ntp: remote arbitrary code execution vulnerability if autokeys is enabled
https://notcve.org/view.php?id=CVE-2009-1252
Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field. Desbordamiento de búfer basado en pila en la función crypto_recv en ntp_crypto.c en ntpd en NTP anteriores a v4.2.4p7 y v4.2.5 anterior a v4.2.5p74, cuando OpenSSL y autokey están activados, permite a atacantes remotos ejecutar código de forma arbitraria a través de paquetes manipulados que contienen un campo de extension. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://rhn.redhat.com/errata/RHSA-2009-1039.html http://rhn.redhat.com/errata/RHSA-2009-1040.html http://secunia.com/advisories/35137 http://secunia.com/advisories/35138 http://secunia.com/advisories/35166 http://secunia.com/advisories/35169 http://secunia.com/advisories/35243 http://secunia.com/advisories/35253 http:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •