CVSS: 7.5EPSS: 65%CPEs: 21EXPL: 1CVE-2009-3563 – ntpd: DoS with mode 7 packets (VU#568372)
https://notcve.org/view.php?id=CVE-2009-3563
09 Dec 2009 — ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. ntp_request.c en ntpd en NTP anterior v4.2.4p8, y v4.2.5, permite a atacantes remotos causar una denegación de servicio (consumo de CPU y ancho de banda) por uso de MODE_PRIVATE para enviar una suplantac... • https://packetstorm.news/files/id/180496 •
CVSS: 9.8EPSS: 56%CPEs: 78EXPL: 0CVE-2009-1252 – ntp: remote arbitrary code execution vulnerability if autokeys is enabled
https://notcve.org/view.php?id=CVE-2009-1252
19 May 2009 — Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field. Desbordamiento de búfer basado en pila en la función crypto_recv en ntp_crypto.c en ntpd en NTP anteriores a v4.2.4p7 y v4.2.5 anterior a v4.2.5p74, cuando OpenSSL y autokey están activados, permite a atacantes remotos ejecutar código de forma... • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •