CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1799 – ntp: authentication doesn't protect symmetric associations against DoS attacks
https://notcve.org/view.php?id=CVE-2015-1799
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer. La característica symmetric-key en la función receive en ntp_proto.c en ntpd en NTP 3.x y 4.x anterior a 4.2.8p2 realiza actualizaciones de las variables de estados al recibir ciertos paquetes inválidos, lo que facilita a atacantes man-in-the-middle causar una denegación de servicio (perdida de sincronización) mediante la falsificación de la dirección del IP de fuente de un par. A denial of service flaw was found in the way NTP hosts that were peering with each other authenticated themselves before updating their internal state variables. An attacker could send packets to one peer host, which could cascade to other peers, and stop the synchronization process among the reached peers. • http://bugs.ntp.org/show_bug.cgi?id=2781 http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2015/04/msg00002.html http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155863.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155864.html http://lists.opensuse.org/opensuse-updates/2015-04/msg00052.html http://marc.info/?l=bugtraq&m=143213867103400&w=2 http://marc • CWE-17: DEPRECATED: Code •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 1CVE-2014-9293 – ntp: automatic generation of weak default key in config_auth()
https://notcve.org/view.php?id=CVE-2014-9293
The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. La función config_auth en ntpd en NTP anterior a 4.2.7p11, cuando no se configura una clave de autenticación, incorréctamente genera una clave, esto hace que atacantes remotos puedan romper los mecanismos de protección fácilmente mediante un ataque de fuerza bruta. It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests. • http://advisories.mageia.org/MGASA-2014-0541.html http://bk1.ntp.org/ntp-dev/ntpd/ntp_config.c?PAGE=diffs&REV=4b6089c5KXhXqZqocF0DMXnQQsjOuw http://bugs.ntp.org/show_bug.cgi?id=2665 http://marc.info/?l=bugtraq&m=142469153211996&w=2 http://marc.info/?l=bugtraq&m=142590659431171&w=2 http://marc.info/? • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 1CVE-2014-9294 – ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys
https://notcve.org/view.php?id=CVE-2014-9294
util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. util/ntp-keygen.c en ntp-keygen en NTP anterior a 4.2.7p230 emplea una semilla RNG débil, esto hace que sea más fácil romper los mecanismos de cifrado atacantes remotos mediante un ataque de fuerza bruta. It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keygen; the default installation does not contain such keys. • http://advisories.mageia.org/MGASA-2014-0541.html http://bk1.ntp.org/ntp-dev/util/ntp-keygen.c?PAGE=diffs&REV=4eae1b72298KRoBQmX-y8URCiRPH5g http://bugs.ntp.org/show_bug.cgi?id=2666 http://marc.info/?l=bugtraq&m=142469153211996&w=2 http://marc.info/?l=bugtraq&m=142590659431171&w=2 http://marc.info/? • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 1CVE-2014-9296 – ntp: receive() missing return on error
https://notcve.org/view.php?id=CVE-2014-9296
The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets. La función de recepción en ntp_proto.c en ntpd en NTP anterior a 4.2.8 continúa ejecutando después de detectar un cierto error de autenticación, lo que podría permitir a un atacante remoto a provocar una asociación involuntaria mediante paquetes modificados. A missing return statement in the receive() function could potentially allow a remote attacker to bypass NTP's authentication mechanism. • http://advisories.mageia.org/MGASA-2014-0541.html http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548ad06feXHK1HlZoY-WZVyynwvwAg http://bugs.ntp.org/show_bug.cgi?id=2670 http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.html http://marc.info/?l=bugtraq&m=142590659431171&w=2 http://marc.info/?l=bugtraq&m=142853370924302&w=2 http://marc.info/? • CWE-17: DEPRECATED: Code CWE-390: Detection of Error Condition Without Action •
CVSS: 7.5EPSS: 96%CPEs: 1EXPL: 3CVE-2014-9295 – ntp: Multiple buffer overflows via specially-crafted packets
https://notcve.org/view.php?id=CVE-2014-9295
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function. Múltiples desbordamientos de buffer en ntpd en NTP anterior a 4.2.8, permite a atacantes remotos la ejecución de código arbitrario mediante un paquete manipulado, relacionado con (1) la función crypto_recv cuando se utiliza la característica Autokey Authentication, (2) la función ctl_putdata y (3) la función de configuración. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit. • http://advisories.mageia.org/MGASA-2014-0541.html http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acc4dN1TbM1tRJrbPcA4yc1aTdA http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acdf3tUSFizXcv_X4b77Jt_Y-cg http://bk1.ntp.org/ntp-dev/?PAGE=patch&REV=548acf55dxKfhb6MuYQwzu8eDlS97g http://bugs.ntp.org/show_bug.cgi?id=2667 http://bugs.ntp.org/show_bug.cgi? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •