CVE-2017-6452
https://notcve.org/view.php?id=CVE-2017-6452
Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line.
• http://support.ntp.org/bin/view/Main/NtpBug3383
• http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu
• http://www.securityfocus.com/bid/97078
• http://www.securitytracker.com/id/1038123
• http://www.securitytracker.com/id/1039427
• https://support.apple.com/HT208144
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-6462 – ntp: Buffer Overflow in DPTS Clock
https://notcve.org/view.php?id=CVE-2017-6462
Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.
A vulnerability was found in NTP, in the parsing of packets from the /dev/datum device. A malicious device could send crafted messages, causing ntpd to crash.
• http://support.ntp.org/bin/view/Main/NtpBug3388
• http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu
• http://www.securityfocus.com/bid/97045
• http://www.securitytracker.com/id/1038123
• https://access.redhat.com/errata/RHSA-2017:3071
• https://access.redhat.com/errata/RHSA-2018:0855
• https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc
• https://support.apple.com/HT208144
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&a
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-121: Stack-based Buffer Overflow
CVE-2017-6460
https://notcve.org/view.php?id=CVE-2017-6460
Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers to have unspecified impact via a long flagstr variable in a restriction list response.
• http://support.ntp.org/bin/view/Main/NtpBug3377
• http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu
• http://www.securityfocus.com/bid/97052
• http://www.securitytracker.com/id/1038123
• https://security.paloaltonetworks.com/CVE-2017-6460
• https://support.apple.com/HT208144
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-6455
https://notcve.org/view.php?id=CVE-2017-6455
NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable.
• http://support.ntp.org/bin/view/Main/NtpBug3384
• http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu
• http://www.securityfocus.com/bid/97074
• http://www.securitytracker.com/id/1038123
• http://www.securitytracker.com/id/1039427
• https://support.apple.com/HT208144
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2017-6464 – ntp: Denial of Service via Malformed Config
https://notcve.org/view.php?id=CVE-2017-6464
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.
A vulnerability was discovered in the NTP server's parsing of configuration directives. A remote, authenticated attacker could cause ntpd to crash by sending a crafted message.
• http://support.ntp.org/bin/view/Main/NtpBug3389
• http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu
• http://www.securityfocus.com/bid/97050
• http://www.securitytracker.com/id/1038123
• https://access.redhat.com/errata/RHSA-2017:3071
• https://access.redhat.com/errata/RHSA-2018:0855
• https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc
• https://support.apple.com/HT208144
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&a
• CWE-20: Improper Input Validation