CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1798 – ntp: ntpd accepts unauthenticated packets with symmetric key crypto
https://notcve.org/view.php?id=CVE-2015-1798
08 Apr 2015 — The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. La característica symmetric-key en la función receive en ntp_proto.c en ntpd en NTP 4.x anterior a 4.2.8p2 requiere un MAC correcto únicamente si el campo MAC tiene una longitud que no sea cero, lo que facilita a atacantes man-in-the-middle falsificar pa... • http://bugs.ntp.org/show_bug.cgi?id=2779 • CWE-17: DEPRECATED: Code CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 1CVE-2014-9293 – ntp: automatic generation of weak default key in config_auth()
https://notcve.org/view.php?id=CVE-2014-9293
20 Dec 2014 — The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. La función config_auth en ntpd en NTP anterior a 4.2.7p11, cuando no se configura una clave de autenticación, incorréctamente genera una clave, esto hace que atacantes remotos puedan romper los mecanismos de protección fácilmente mediante un ataque de fuerza bruta. It was fou... • http://advisories.mageia.org/MGASA-2014-0541.html • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 8.1EPSS: 71%CPEs: 1EXPL: 4CVE-2014-9295 – ntp: Multiple buffer overflows via specially-crafted packets
https://notcve.org/view.php?id=CVE-2014-9295
20 Dec 2014 — Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function. Múltiples desbordamientos de buffer en ntpd en NTP anterior a 4.2.8, permite a atacantes remotos la ejecución de código arbitrario mediante un paquete manipulado, relacionado con (1) la función crypto_recv cuando se utiliza ... • https://github.com/MacMiniVault/NTPUpdateSnowLeopard • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 4%CPEs: 1EXPL: 1CVE-2014-9294 – ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys
https://notcve.org/view.php?id=CVE-2014-9294
20 Dec 2014 — util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. util/ntp-keygen.c en ntp-keygen en NTP anterior a 4.2.7p230 emplea una semilla RNG débil, esto hace que sea más fácil romper los mecanismos de cifrado atacantes remotos mediante un ataque de fuerza bruta. It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to ... • http://advisories.mageia.org/MGASA-2014-0541.html • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2014-9296 – ntp: receive() missing return on error
https://notcve.org/view.php?id=CVE-2014-9296
20 Dec 2014 — The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets. La función de recepción en ntp_proto.c en ntpd en NTP anterior a 4.2.8 continúa ejecutando después de detectar un cierto error de autenticación, lo que podría permitir a un atacante remoto a provocar una asociación involuntaria mediante paquetes modificados. A missing return sta... • http://advisories.mageia.org/MGASA-2014-0541.html • CWE-17: DEPRECATED: Code CWE-390: Detection of Error Condition Without Action •
CVSS: 8.8EPSS: 92%CPEs: 31EXPL: 17CVE-2013-5211 – NTP ntpd monlist Query Reflection - Denial of Service
https://notcve.org/view.php?id=CVE-2013-5211
02 Jan 2014 — The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. La característica monlist en ntp_request.c en ntpd en NTP antes 4.2.7p26 permite a atacantes remotos provocar una denegación de servicio (amplificación de tráfico) a través de solicitudes (1) REQ_MON_GETLIST o (2) solicitudes REQ_MON_GETLIST_1, como han sido... • https://packetstorm.news/files/id/180965 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 96%CPEs: 21EXPL: 1CVE-2009-3563 – ntpd: DoS with mode 7 packets (VU#568372)
https://notcve.org/view.php?id=CVE-2009-3563
09 Dec 2009 — ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. ntp_request.c en ntpd en NTP anterior v4.2.4p8, y v4.2.5, permite a atacantes remotos causar una denegación de servicio (consumo de CPU y ancho de banda) por uso de MODE_PRIVATE para enviar una suplantac... • https://packetstorm.news/files/id/180496 •
CVSS: 9.8EPSS: 4%CPEs: 29EXPL: 0CVE-2009-0159 – ntp: buffer overflow in ntpq
https://notcve.org/view.php?id=CVE-2009-0159
14 Apr 2009 — Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response. Desbordamiento de búfer basado en pila en la función cookedprint en ntpq/ntpq.c en ntpq en NTP versiones anteriores a v4.2.4p7-RC2 permite a servidores NTP remotos ejecutar código de su elección a través de respuestas manipuladas. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 0CVE-2009-0021 – ntp incorrectly checks for malformed signatures
https://notcve.org/view.php?id=CVE-2009-0021
07 Jan 2009 — NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077. NTP versiones 4.2.4 anteriores a 4.2.4p5 y versiones 4.2.5 anteriores a 4.2.5p150, no comprueba apropiadamente el valor devuelto de la función EVP_VerifyFinal de OpenSSL, que permite a los atacantes r... • http://lists.apple.com/archives/security-announce/2009/May/msg00002.html • CWE-287: Improper Authentication •