CVSS: 5.3EPSS: 1%CPEs: 125EXPL: 0CVE-2016-2518 – ntp: out-of-bounds references on crafted packet
https://notcve.org/view.php?id=CVE-2016-2518
02 May 2016 — The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. La función MATCH_ASSOC en NTP en versiones anteriores 4.2.8p9 y 4.3.x en versiones anteriores a 4.3.92 permite a atacantes remotos provocar una referencia fuera de los límites a través de una solicitud addpeer con un valor hmode grande. An out-of-bounds access flaw was found in the way ntpd processed certain packets. An au... • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 9%CPEs: 93EXPL: 0CVE-2016-2519 – Ubuntu Security Notice USN-3349-1
https://notcve.org/view.php?id=CVE-2016-2519
02 May 2016 — ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value. Ntpd en NTP en versiones anteriores a 4.2.8p7 y 4.3.x en versiones anteriores a 4.3.92 permite a los atacantes remotos causar una denegación de servicio (ntpd abort) por un gran petición de valores de datos, lo que activa la función ctl_getitem para devolver un valor NULL. Yihan Lian discovered that... • http://support.ntp.org/bin/view/Main/NtpBug3008 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 7%CPEs: 91EXPL: 0CVE-2015-7977 – ntp: restriction list NULL pointer dereference
https://notcve.org/view.php?id=CVE-2015-7977
25 Feb 2016 — ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. ntpd en NTP en versiones anteriores a 4.2.8p6 y 4.3.x en versiones anteriores a 4.3.90 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL) mediante un comando ntpdc reslist. A NULL pointer dereference flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large a... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 32%CPEs: 90EXPL: 0CVE-2015-7978 – ntp: stack exhaustion in recursive traversal of restriction list
https://notcve.org/view.php?id=CVE-2015-7978
25 Feb 2016 — NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list. NTP en versiones anteriores a 4.2.8p6 y 4.3.0 en versiones anteriores a 4.3.90 permite a atacantes remotos provocar una denegación de servicio (agotamiento de la pila) a través de un comando ntpdc relist, lo que desencadena el recorrido recursivo de la lista de restricciones. A stack-based buffer overflow... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html • CWE-121: Stack-based Buffer Overflow CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 18%CPEs: 90EXPL: 0CVE-2015-7979 – ntp: off-path denial of service on authenticated broadcast mode
https://notcve.org/view.php?id=CVE-2015-7979
25 Feb 2016 — NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client. NTP en versiones anteriores a 4.2.8p6 y 4.3.x en versiones anteriores a 4.3.90 permite a atacantes remotos causar una denegación de servicio (asociación cliente-servidor) por el envío de paquetes de difusión con autenticación no válida a un cliente transmisor. It was found that when NTP was config... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html • CWE-19: Data Processing Errors CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 22%CPEs: 90EXPL: 0CVE-2015-8158 – ntp: potential infinite loop in ntpq
https://notcve.org/view.php?id=CVE-2015-8158
25 Feb 2016 — The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values. La función getresponse en ntpq en NTP versiones anteriores a 4.2.8p9 y 4.3.x en versiones anteriores a 4.3.90 permite a los atacantes remotos causar una denegación de servicio (bucle infinito) a través de paquetes creados con valores incorrectos. A flaw was found in the way the ntpq client processed certain inc... • http://rhn.redhat.com/errata/RHSA-2016-2583.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 7%CPEs: 81EXPL: 0CVE-2015-7973 – HPE Security Bulletin HPESBHF03750 1
https://notcve.org/view.php?id=CVE-2015-7973
27 Jan 2016 — NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. NTP en versiones anteriores a 4.2.8p6 y 4.3.x en versiones anteriores a 4.3.90, cuando está configurado en modo de difusión, permite a atacantes man-in-the-middle realizar ataques de repetición rastreando la red. Aanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. A remote attacker could use this issue to perfo... • http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html • CWE-254: 7PK - Security Features •
CVSS: 6.2EPSS: 0%CPEs: 90EXPL: 0CVE-2015-7975 – HPE Security Bulletin HPESBHF03750 1
https://notcve.org/view.php?id=CVE-2015-7975
27 Jan 2016 — The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash). La función nextvar en NTP en versiones anteriores a 4.2.8p6 y 4.3.x en versiones anteriores a 4.3.90 no valida correctamente la longitud de su entrada, lo que permite a un atacante provocar una denegación de servicio (caída de la aplicación). Aanchal Malhotra discovered that NTP incorrectly handled authenticated broa... • http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 4%CPEs: 108EXPL: 0CVE-2015-7976 – Ubuntu Security Notice USN-3096-1
https://notcve.org/view.php?id=CVE-2015-7976
27 Jan 2016 — The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. El comando savconfig ntpq en NTP 4.1.2, 4.2.x en versiones anteriores a 4.2.8p6, 4.3, 4.3.25, 4.3.70 y 4.3.77 no filtra adecuadamente caracteres especiales, lo que permite a atacantes causar un impacto no especificado a través de un nombre de archivo manipulado. Aanchal Malhotra discovered that ... • http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html • CWE-254: 7PK - Security Features •
CVSS: 7.7EPSS: 4%CPEs: 29EXPL: 1CVE-2015-7974 – ntp: missing key check allows impersonation between authenticated peers (VU#357792)
https://notcve.org/view.php?id=CVE-2015-7974
26 Jan 2016 — NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." NTP 4.x en versiones anteriores a 4.2.8p6 y 4.3.x en versiones anteriores a 4.3.90 no verifica las asociaciones del par de las claves simétricas cuando autentica paquetes, lo que podría permitir a atacante remotos llevar a cabo ataques de suplantación de identidad a... • http://bugs.ntp.org/show_bug.cgi?id=2936 • CWE-287: Improper Authentication CWE-304: Missing Critical Step in Authentication •