CVE-2016-2516
https://notcve.org/view.php?id=CVE-2016-2516
NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive. NTP en versiones anteriores a 4.2.8p7 y 4.3.x en versiones anteriores a 4.3.92, cuando mode7 está habilitado, permite a atacantes remotos provocar una denegación de servicio (anular ntpd) usando la misma dirección IP varias veces en una directiva unconfig. • http://support.ntp.org/bin/view/Main/NtpBug3011 http://www.debian.org/security/2016/dsa-3629 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/88180 http://www.securitytracker.com/id/1035705 https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc https://security.gentoo.org/glsa/201607-15 https://security.netapp.com/advisory/ntap-20171004-0002 https://www.kb.cert.org/vuls/id/718152 • CWE-20: Improper Input Validation •
CVE-2016-2517
https://notcve.org/view.php?id=CVE-2016-2517
NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression. NTP en versiones anteriores a 4.2.8p7 y 4.3.x en versiones anteriores a 4.3.92 permite a los atacantes remotos provocar una denegación de servicio (evitar la posterior autenticación) aprovechando el conocimiento de la clave de control o requestkey y enviando un paquete creado a ntpd, que cambia el valor de trustedkey, Controlkey o requestkey. NOTA: esta vulnerabilidad existe debido a una regresión de la CVE-2016-2516. • http://support.ntp.org/bin/view/Main/NtpBug3010 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/88189 http://www.securitytracker.com/id/1035705 https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc https://security.gentoo.org/glsa/201607-15 https://security.netapp.com/advisory/ntap-20171004-0002 https://www.kb.cert.org/vuls/id/718152 • CWE-20: Improper Input Validation •
CVE-2016-2518 – ntp: out-of-bounds references on crafted packet
https://notcve.org/view.php?id=CVE-2016-2518
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. La función MATCH_ASSOC en NTP en versiones anteriores 4.2.8p9 y 4.3.x en versiones anteriores a 4.3.92 permite a atacantes remotos provocar una referencia fuera de los límites a través de una solicitud addpeer con un valor hmode grande. An out-of-bounds access flaw was found in the way ntpd processed certain packets. An authenticated attacker could use a crafted packet to create a peer association with hmode of 7 and larger, which could potentially (although highly unlikely) cause ntpd to crash. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016& • CWE-125: Out-of-bounds Read •
CVE-2015-7978 – ntp: stack exhaustion in recursive traversal of restriction list
https://notcve.org/view.php?id=CVE-2015-7978
NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list. NTP en versiones anteriores a 4.2.8p6 y 4.3.0 en versiones anteriores a 4.3.90 permite a atacantes remotos provocar una denegación de servicio (agotamiento de la pila) a través de un comando ntpdc relist, lo que desencadena el recorrido recursivo de la lista de restricciones. A stack-based buffer overflow flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could use this flaw to crash ntpd. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html http://lists.opensuse.org/opensuse-security-announce • CWE-121: Stack-based Buffer Overflow CWE-400: Uncontrolled Resource Consumption •
CVE-2015-8158 – ntp: potential infinite loop in ntpq
https://notcve.org/view.php?id=CVE-2015-8158
The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values. La función getresponse en ntpq en NTP versiones anteriores a 4.2.8p9 y 4.3.x en versiones anteriores a 4.3.90 permite a los atacantes remotos causar una denegación de servicio (bucle infinito) a través de paquetes creados con valores incorrectos. A flaw was found in the way the ntpq client processed certain incoming packets in a loop in the getresponse() function. A remote attacker could potentially use this flaw to crash an ntpq client instance. • http://rhn.redhat.com/errata/RHSA-2016-2583.html http://support.ntp.org/bin/view/Main/NtpBug2948 http://www.debian.org/security/2016/dsa-3629 http://www.securityfocus.com/bid/81814 http://www.securitytracker.com/id/1034782 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09. • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •