CVSS: 7.5 • EPSS: 57% • CPEs: 14 • EXPL: 0 • CVE-2016-4957 – HPE Security Bulletin HPESBHF03757 1
https://notcve.org/view.php?id=CVE-2016-4957
04 Jun 2016 — ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547. Potential security vulnerabilities with NTP have been addresse... • http://bugs.ntp.org/3046 • CWE-476: NULL Pointer Dereference
CVSS: 5.3 • EPSS: 25% • CPEs: 1 • EXPL: 0 • CVE-2015-8139 – Gentoo Linux Security Advisory 201607-15
https://notcve.org/view.php?id=CVE-2015-8139
05 May 2016 — ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors. An update that solves 28 vulnerabilities and has two fixes is now available. NTP was updated to version 4.2.8p6 to fix 28 security issues. Major functional changes. Some options have been renamed or dropped. • http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html • CWE-284: Improper Access Control
CVSS: 5.8 • EPSS: 30% • CPEs: 1 • EXPL: 0 • CVE-2015-8140 – Gentoo Linux Security Advisory 201607-15
https://notcve.org/view.php?id=CVE-2015-8140
05 May 2016 — The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network. An update that solves 28 vulnerabilities and has two fixes is now available. NTP was updated to version 4.2.8p6 to fix 28 security issues. Major functional changes. • http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html • CWE-284: Improper Access Control
CVSS: 7.2 • EPSS: 1% • CPEs: 1 • EXPL: 1 • CVE-2016-1548 – ntp: ntpd switching to interleaved mode with spoofed packets
https://notcve.org/view.php?id=CVE-2016-1548
02 May 2016 — An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html • CWE-19: Data Processing Errors
CVSS: 5.3 • EPSS: 1% • CPEs: 1 • EXPL: 0 • CVE-2016-1547 – ntp: crypto-NAK preemptable association denial of service
https://notcve.org/view.php?id=CVE-2016-1547
02 May 2016 — An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled. • http://rhn.redhat.com/errata/RHSA-2016-1552.html • CWE-20: Improper Input Validation
CVSS: 6.5 • EPSS: 1% • CPEs: 1 • EXPL: 0 • CVE-2016-1549 – Slackware Security Advisory - ntp Updates
https://notcve.org/view.php?id=CVE-2016-1549
02 May 2016 — A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock. • http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html • CWE-19: Data Processing Errors
CVSS: 5.3 • EPSS: 1% • CPEs: 1 • EXPL: 0 • CVE-2016-1550 – ntp: libntp message digest disclosure
https://notcve.org/view.php?id=CVE-2016-1550
02 May 2016 — An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS: 3.7 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2016-1551 – Gentoo Linux Security Advisory 201607-15
https://notcve.org/view.php?id=CVE-2016-1551
02 May 2016 — ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source IP address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock's peer record and will be treated as a trusted peer. Any system that lacks the typical martian p... • http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html • CWE-254: 7PK - Security Features
CVSS: 7.1 • EPSS: 17% • CPEs: 93 • EXPL: 0 • CVE-2016-2516 – Ubuntu Security Notice USN-3096-1
https://notcve.org/view.php?id=CVE-2016-2516
02 May 2016 — NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive. Aanchal Malhotra discovered that NTP incorrectly han... • http://support.ntp.org/bin/view/Main/NtpBug3011 • CWE-20: Improper Input Validation
CVSS: 5.3 • EPSS: 9% • CPEs: 93 • EXPL: 0 • CVE-2016-2517 – Gentoo Linux Security Advisory 201607-15
https://notcve.org/view.php?id=CVE-2016-2517
02 May 2016 — NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression. • http://support.ntp.org/bin/view/Main/NtpBug3010 • CWE-20: Improper Input Validation
