CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 1CVE-2014-9296 – ntp: receive() missing return on error
https://notcve.org/view.php?id=CVE-2014-9296
The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets. La función de recepción en ntp_proto.c en ntpd en NTP anterior a 4.2.8 continúa ejecutando después de detectar un cierto error de autenticación, lo que podría permitir a un atacante remoto a provocar una asociación involuntaria mediante paquetes modificados. A missing return statement in the receive() function could potentially allow a remote attacker to bypass NTP's authentication mechanism. • http://advisories.mageia.org/MGASA-2014-0541.html http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548ad06feXHK1HlZoY-WZVyynwvwAg http://bugs.ntp.org/show_bug.cgi?id=2670 http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.html http://marc.info/?l=bugtraq&m=142590659431171&w=2 http://marc.info/?l=bugtraq&m=142853370924302&w=2 http://marc.info/? • CWE-17: DEPRECATED: Code CWE-390: Detection of Error Condition Without Action •
CVSS: 7.5EPSS: 96%CPEs: 1EXPL: 3CVE-2014-9295 – ntp: Multiple buffer overflows via specially-crafted packets
https://notcve.org/view.php?id=CVE-2014-9295
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function. Múltiples desbordamientos de buffer en ntpd en NTP anterior a 4.2.8, permite a atacantes remotos la ejecución de código arbitrario mediante un paquete manipulado, relacionado con (1) la función crypto_recv cuando se utiliza la característica Autokey Authentication, (2) la función ctl_putdata y (3) la función de configuración. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit. • http://advisories.mageia.org/MGASA-2014-0541.html http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acc4dN1TbM1tRJrbPcA4yc1aTdA http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acdf3tUSFizXcv_X4b77Jt_Y-cg http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acf55dxKfhb6MuYQwzu8eDlS97g http://bugs.ntp.org/show_bug.cgi?id=2667 http://bugs.ntp.org/show_bug.cgi? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 96%CPEs: 31EXPL: 2CVE-2013-5211 – NTP ntpd monlist Query Reflection - Denial of Service
https://notcve.org/view.php?id=CVE-2013-5211
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. La característica monlist en ntp_request.c en ntpd en NTP antes 4.2.7p26 permite a atacantes remotos provocar una denegación de servicio (amplificación de tráfico) a través de solicitudes (1) REQ_MON_GETLIST o (2) solicitudes REQ_MON_GETLIST_1, como han sido explotados en diciembre de 2013. Detect UDP endpoints with UDP amplification vulnerabilities. • https://www.exploit-db.com/exploits/33073 https://github.com/0xhav0c/CVE-2013-5211 http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc http://bugs.ntp.org/show_bug.cgi?id=1532 http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04 http://lists.ntp.org/pipermail/pool/2011-December/005616.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html http://marc.info/?l=bugtraq&m=138971294629419&w=2 http://marc.info/?l=bugtraq&m=144182594518 • CWE-20: Improper Input Validation •
CVSS: 6.4EPSS: 96%CPEs: 21EXPL: 0CVE-2009-3563 – ntpd: DoS with mode 7 packets (VU#568372)
https://notcve.org/view.php?id=CVE-2009-3563
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. ntp_request.c en ntpd en NTP anterior v4.2.4p8, y v4.2.5, permite a atacantes remotos causar una denegación de servicio (consumo de CPU y ancho de banda) por uso de MODE_PRIVATE para enviar una suplantación de (1) petición o (2) paquete respueta lo que lanza continuo intercambio de errores de respuesta MODE_PRIVATE entre dos demonios NTP. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://marc.info/?l=bugtraq&m=130168580504508&w=2 http://marc.info/? •
CVSS: 6.8EPSS: 96%CPEs: 78EXPL: 0CVE-2009-1252 – ntp: remote arbitrary code execution vulnerability if autokeys is enabled
https://notcve.org/view.php?id=CVE-2009-1252
Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field. Desbordamiento de búfer basado en pila en la función crypto_recv en ntp_crypto.c en ntpd en NTP anteriores a v4.2.4p7 y v4.2.5 anterior a v4.2.5p74, cuando OpenSSL y autokey están activados, permite a atacantes remotos ejecutar código de forma arbitraria a través de paquetes manipulados que contienen un campo de extension. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://rhn.redhat.com/errata/RHSA-2009-1039.html http://rhn.redhat.com/errata/RHSA-2009-1040.html http://secunia.com/advisories/35137 http://secunia.com/advisories/35138 http://secunia.com/advisories/35166 http://secunia.com/advisories/35169 http://secunia.com/advisories/35243 http://secunia.com/advisories/35253 http:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •