CVE-2013-5211 – NTP ntpd monlist Query Reflection - Denial of Service
https://notcve.org/view.php?id=CVE-2013-5211
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. La característica monlist en ntp_request.c en ntpd en NTP antes 4.2.7p26 permite a atacantes remotos provocar una denegación de servicio (amplificación de tráfico) a través de solicitudes (1) REQ_MON_GETLIST o (2) solicitudes REQ_MON_GETLIST_1, como han sido explotados en diciembre de 2013. Detect UDP endpoints with UDP amplification vulnerabilities. • https://www.exploit-db.com/exploits/33073 https://github.com/0xhav0c/CVE-2013-5211 http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc http://bugs.ntp.org/show_bug.cgi?id=1532 http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04 http://lists.ntp.org/pipermail/pool/2011-December/005616.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html http://marc.info/?l=bugtraq&m=138971294629419&w=2 http://marc.info/?l=bugtraq&m=144182594518 • CWE-20: Improper Input Validation •
CVE-2009-3563 – ntpd: DoS with mode 7 packets (VU#568372)
https://notcve.org/view.php?id=CVE-2009-3563
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. ntp_request.c en ntpd en NTP anterior v4.2.4p8, y v4.2.5, permite a atacantes remotos causar una denegación de servicio (consumo de CPU y ancho de banda) por uso de MODE_PRIVATE para enviar una suplantación de (1) petición o (2) paquete respueta lo que lanza continuo intercambio de errores de respuesta MODE_PRIVATE entre dos demonios NTP. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://marc.info/?l=bugtraq&m=130168580504508&w=2 http://marc.info/? •
CVE-2009-1252 – ntp: remote arbitrary code execution vulnerability if autokeys is enabled
https://notcve.org/view.php?id=CVE-2009-1252
Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field. Desbordamiento de búfer basado en pila en la función crypto_recv en ntp_crypto.c en ntpd en NTP anteriores a v4.2.4p7 y v4.2.5 anterior a v4.2.5p74, cuando OpenSSL y autokey están activados, permite a atacantes remotos ejecutar código de forma arbitraria a través de paquetes manipulados que contienen un campo de extension. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://rhn.redhat.com/errata/RHSA-2009-1039.html http://rhn.redhat.com/errata/RHSA-2009-1040.html http://secunia.com/advisories/35137 http://secunia.com/advisories/35138 http://secunia.com/advisories/35166 http://secunia.com/advisories/35169 http://secunia.com/advisories/35243 http://secunia.com/advisories/35253 http:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVE-2009-0159 – ntp: buffer overflow in ntpq
https://notcve.org/view.php?id=CVE-2009-0159
Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response. Desbordamiento de búfer basado en pila en la función cookedprint en ntpq/ntpq.c en ntpq en NTP versiones anteriores a v4.2.4p7-RC2 permite a servidores NTP remotos ejecutar código de su elección a través de respuestas manipuladas. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc http://bugs.pardus.org.tr/show_bug.cgi?id=9532 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://marc.info/?l=bugtraq&m=136482797910018&w=2 http://ntp.bkbits.net:8080/ntp-stable/?PAGE=gnupatch&REV=1.1565 http://osvdb.org/53593 http://rhn.redhat.com/errata/RHSA-2009-1039.html http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVE-2009-0021 – ntp incorrectly checks for malformed signatures
https://notcve.org/view.php?id=CVE-2009-0021
NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. NTP versiones 4.2.4 anteriores a 4.2.4p5 y versiones 4.2.5 anteriores a 4.2.5p150, no comprueba apropiadamente el valor devuelto de la función EVP_VerifyFinal de OpenSSL, que permite a los atacantes remotos omitir la comprobación de la cadena de certificados por medio de una firma de SSL/TLS malformada para las claves DSA y ECDSA, una vulnerabilidad similar a CVE-2008-5077. • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://secunia.com/advisories/33406 http://secunia.com/advisories/33558 http://secunia.com/advisories/33648 http://secunia.com/advisories/34642 http://secunia.com/advisories/35074 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.531177 • CWE-287: Improper Authentication •