CVE-2017-6464 – ntp: Denial of Service via Malformed Config
https://notcve.org/view.php?id=CVE-2017-6464
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive. NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 permite a atacantes remotos provocar una denegación de servicio (caída ntpd) a través de una directiva de configuración de modo mal formado. A vulnerability was discovered in the NTP server's parsing of configuration directives. A remote, authenticated attacker could cause ntpd to crash by sending a crafted message. • http://support.ntp.org/bin/view/Main/NtpBug3389 http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu http://www.securityfocus.com/bid/97050 http://www.securitytracker.com/id/1038123 https://access.redhat.com/errata/RHSA-2017:3071 https://access.redhat.com/errata/RHSA-2018:0855 https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc https://support.apple.com/HT208144 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&a • CWE-20: Improper Input Validation •
CVE-2017-6451
https://notcve.org/view.php?id=CVE-2017-6451
The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write. La función mx4200_send en el refclock legado de MX4200 en NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 no maneja correctamente el valor de retorno de la función snprintf, lo que permite a usuarios locales ejecutar código arbitrario a través de vectores no especificados, lo que desencadena una escritura de memoria fuera de límites. • http://support.ntp.org/bin/view/Main/NtpBug3378 http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu http://www.securityfocus.com/bid/97058 http://www.securitytracker.com/id/1038123 http://www.securitytracker.com/id/1039427 https://support.apple.com/HT208144 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us • CWE-787: Out-of-bounds Write •
CVE-2017-6463 – ntp: Authenticated DoS via Malicious Config Option
https://notcve.org/view.php?id=CVE-2017-6463
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option. NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 permite a usuarios remotos autenticados provocar una denegación de servicio (caída del demonio) a través de una configuración no válida en al directiva :config, relacionado con la opción unpeer. A vulnerability was discovered in the NTP server's parsing of configuration directives. A remote, authenticated attacker could cause ntpd to crash by sending a crafted message. • http://support.ntp.org/bin/view/Main/NtpBug3387 http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu http://www.securityfocus.com/bid/97049 http://www.securitytracker.com/id/1038123 https://access.redhat.com/errata/RHSA-2017:3071 https://access.redhat.com/errata/RHSA-2018:0855 https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc https://support.apple.com/HT208144 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&a • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVE-2017-6459
https://notcve.org/view.php?id=CVE-2017-6459
The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes. El instalador de Windows para NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 permite a usuarios locales tener un impacto no especificado a través de vectores relacionados con un argumento con múltiples bytes nulos. • http://support.ntp.org/bin/view/Main/NtpBug3382 http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu http://www.securityfocus.com/bid/97076 http://www.securitytracker.com/id/1038123 https://support.apple.com/HT208144 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-7429 – ntp: Attack on interface selection
https://notcve.org/view.php?id=CVE-2016-7429
NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use. NTP en versiones anteriores a 4.2.8p9 cambia la estructura de los pares a la interfaz que recibe la respuesta de una fuente, lo que permite a atacantes remotos provocar una denegación de servicio (prevenir la comunicación con una fuente) enviando una respuesta para una fuente a una interfaz que la fuente no utiliza. A flaw was found in the way ntpd running on a host with multiple network interfaces handled certain server responses. A remote attacker could use this flaw which would cause ntpd to not synchronize with the source. • http://nwtime.org/ntp428p9_release http://rhn.redhat.com/errata/RHSA-2017-0252.html http://support.ntp.org/bin/view/Main/NtpBug3072 http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/94453 http://www.securitytracker.com/id/1037354 https://bto.bluecoat.com/security-advisory/sa139 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr • CWE-18: DEPRECATED: Source Code •