CVSS: 8.1EPSS: 37%CPEs: 1EXPL: 1CVE-2014-9294 – ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys
https://notcve.org/view.php?id=CVE-2014-9294
20 Dec 2014 — util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. util/ntp-keygen.c en ntp-keygen en NTP anterior a 4.2.7p230 emplea una semilla RNG débil, esto hace que sea más fácil romper los mecanismos de cifrado atacantes remotos mediante un ataque de fuerza bruta. It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to ... • http://advisories.mageia.org/MGASA-2014-0541.html • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 9.8EPSS: 15%CPEs: 1EXPL: 1CVE-2014-9296 – ntp: receive() missing return on error
https://notcve.org/view.php?id=CVE-2014-9296
20 Dec 2014 — The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets. La función de recepción en ntp_proto.c en ntpd en NTP anterior a 4.2.8 continúa ejecutando después de detectar un cierto error de autenticación, lo que podría permitir a un atacante remoto a provocar una asociación involuntaria mediante paquetes modificados. A missing return sta... • http://advisories.mageia.org/MGASA-2014-0541.html • CWE-17: DEPRECATED: Code CWE-390: Detection of Error Condition Without Action •
CVSS: 8.8EPSS: 92%CPEs: 31EXPL: 17CVE-2013-5211 – NTP ntpd monlist Query Reflection - Denial of Service
https://notcve.org/view.php?id=CVE-2013-5211
02 Jan 2014 — The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. La característica monlist en ntp_request.c en ntpd en NTP antes 4.2.7p26 permite a atacantes remotos provocar una denegación de servicio (amplificación de tráfico) a través de solicitudes (1) REQ_MON_GETLIST o (2) solicitudes REQ_MON_GETLIST_1, como han sido... • https://packetstorm.news/files/id/180965 • CWE-20: Improper Input Validation •