CVSS: 5.3EPSS: 0%CPEs: 31EXPL: 0CVE-2018-7170
https://notcve.org/view.php?id=CVE-2018-7170
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549. ntpd en ntp, en versiones 4.2.x anteriores a la 4.2.8p7 y versiones 4.3.x anteriores a la 4.3.92, permite que usuarios autenticados que conozcan la clave privada simétrica creen de forma arbitraria muchas asociaciones efímeras para ganar la selección de reloj de ntpd y modifiquen el reloj de una víctima mediante un ataque Sybil. Este problema existe debido a una solución incompleta para CVE-2016-1549. • http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html http://support.ntp.org/bin/view/Main/NtpBug3415 http://www.securityfocus.com/archive/1/541824/100/0/threaded http://www.securityfocus.com/bid/103194 https://bugzilla.redhat.com/show_bug.cgi?id=1550214 https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc https://security.gentoo.org/glsa/201805-12 https://security.netapp.com/advisory/ntap-20180626-0001 https://support.hpe.com/hpsc/doc •
CVSS: 5.9EPSS: 1%CPEs: 6EXPL: 1CVE-2016-9042
https://notcve.org/view.php?id=CVE-2016-9042
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition. Existe una vulnerabilidad explotable de denegación de servicio (DoS) en la funcionalidad de comprobación de marca de tiempo de origen de ntpd 4.2.8p9. Se puede emplear un paquete de red no autenticado especialmente manipulado para reiniciar la marca de tiempo de origen esperada para los peers objetivo. • http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html http://seclists.org/fulldisclosure/2017/Nov/7 http://seclists.org/fulldisclosure/2017/Sep/62 http://www.securityfocus.com/archive/1/540403/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded http:// • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 29EXPL: 0CVE-2017-6458
https://notcve.org/view.php?id=CVE-2017-6458
Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. Múltiples desbordamientos de búfer en las funciones ctl_put * en NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 permiten a usuarios remotos autenticados tener un impacto no especificado a través de una variable larga. • http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html http://seclists.org/fulldisclosure/2017/Nov/7 http://seclists.org/fulldisclosure/2017/Sep/62 http://support.ntp.org/bin/view/Main/NtpBug3379 http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded http://www.securityfocus.com/bid/97051 http://www.securitytracker.com/id/1038123 http://www.u • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 5%CPEs: 92EXPL: 0CVE-2016-7426 – ntp: Client rate limiting and server responses
https://notcve.org/view.php?id=CVE-2016-7426
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. NTP en versiones anteriores a 4.2.8p9 limita la clasificación de respuestas recibidas desde las fuentes configuradas cuando la limitación de clasificación para todas las asociaciones está habilitado, lo que permite a atacantes remotos provocar una denegación de servicio (prevenir las respuestas de las fuentes) enviando respuestas con una dirección de origen suplantada. It was found that when ntp is configured with rate limiting for all associations the limits are also applied to responses received from its configured sources. A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources. • http://nwtime.org/ntp428p9_release http://rhn.redhat.com/errata/RHSA-2017-0252.html http://support.ntp.org/bin/view/Main/NtpBug3071 http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities http://www.securityfocus.com/bid/94451 http://www.securitytracker.com/id/1037354 https://bto.bluecoat.com/security-advisory/sa139 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us https://security.FreeBSD.org/advisories/FreeBSD-SA- • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 96%CPEs: 492EXPL: 3CVE-2016-7434 – NTP 4.2.8p8 - Denial of Service
https://notcve.org/view.php?id=CVE-2016-7434
The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query. La función read_mru_list en NTP en versiones anteriores a 4.2.8p9 permite a atacantes remotos provocar una denegación de servicio (caída) a través de una consulta mrulist manipulada. ntpd versions 4.2.7p22 up to but not including 4.2.8p9 and 4.3.0 up to, but not including 4.3.94 suffer from a remote denial of service vulnerability. The vulnerability allow unauthenticated users to crash ntpd with a single malformed UDP packet, which cause a null pointer dereference. • https://www.exploit-db.com/exploits/40806 https://github.com/opsxcq/exploit-CVE-2016-7434 https://github.com/shekkbuilder/CVE-2016-7434 http://nwtime.org/ntp428p9_release http://support.ntp.org/bin/view/Main/NtpBug3082 http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities http://www.securityfocus.com/bid/94448 http://www.securitytracker.com/id/1037354 https://bto.bluecoat.com/security-advisory/sa139 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLoca • CWE-20: Improper Input Validation •