Page 7 of 48 results (0.068 seconds)

CVSS: 6.5EPSS: 0%CPEs: 81EXPL: 0

NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. NTP en versiones anteriores a 4.2.8p6 y 4.3.x en versiones anteriores a 4.3.90, cuando está configurado en modo de difusión, permite a atacantes man-in-the-middle realizar ataques de repetición rastreando la red. • http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2016-08 • CWE-254: 7PK - Security Features •

CVSS: 7.7EPSS: 0%CPEs: 29EXPL: 1

NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." NTP 4.x en versiones anteriores a 4.2.8p6 y 4.3.x en versiones anteriores a 4.3.90 no verifica las asociaciones del par de las claves simétricas cuando autentica paquetes, lo que podría permitir a atacante remotos llevar a cabo ataques de suplantación de identidad a través de una clave de confianza arbitraria, también conocida como "skeleton key". A flaw was found in the way NTP verified trusted keys during symmetric key authentication. An authenticated client (A) could use this flaw to modify a packet sent between a server (B) and a client (C) using a key that is different from the one known to the client (A). • http://bugs.ntp.org/show_bug.cgi?id=2936 http://rhn.redhat.com/errata/RHSA-2016-2583.html http://support.ntp.org/bin/view/Main/NtpBug2936 http://www.debian.org/security/2016/dsa-3629 http://www.securityfocus.com/bid/81960 http://www.securitytracker.com/id/1034782 http://www.talosintel.com/reports/TALOS-2016-0071 https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750e • CWE-287: Improper Authentication CWE-304: Missing Critical Step in Authentication •

CVSS: 6.4EPSS: 0%CPEs: 90EXPL: 0

NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero. NTP en versiones anteriores a 4.2.8p6 y 4.3.x en versiones anteriores a 4.3.90 permite a atacantes remotos eludir la validación de marca horaria de origen a través de un paquete con una marca horaria de origen puesta a cero. It was discovered that ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntpd client that would effectively disable synchronization with the server, or push arbitrary offset/delay measurements to modify the time on the client. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html http://lists.opensuse.org/opensuse-security-announce&# • CWE-20: Improper Input Validation CWE-294: Authentication Bypass by Capture-replay •

CVSS: 5.9EPSS: 4%CPEs: 46EXPL: 0

ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets. ntpd en NTP 4.2.x en versiones anteriores a 4.2.8p4, y 4.3.x en versiones anteriores a 4.3.77 permite que atacantes remotos provoquen una denegación de servicio empleando paquetes de respuesta en modo 6 manipulados. An off-by-one flaw, leading to a buffer overflow, was found in cookedprint functionality of ntpq. A specially crafted NTP packet could potentially cause ntpq to crash. • http://rhn.redhat.com/errata/RHSA-2016-0780.html http://rhn.redhat.com/errata/RHSA-2016-2583.html http://support.ntp.org/bin/view/Main/NtpBug2919 http://www.debian.org/security/2015/dsa-3388 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/77288 http://www.securitytracker.com/id/1033951 https://security.gentoo.org/glsa/201607-15 https://security.netapp.com/advisory/ntap-20171004-0001 https://access.redhat.com& • CWE-20: Improper Input Validation CWE-193: Off-by-one Error •

CVSS: 9.8EPSS: 97%CPEs: 91EXPL: 0

Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. Los paquetes Crypto-NAK en ntpd en NTP 4.2.x en versiones anteriores a 4.2.8p4, y 4.3.x en versiones anteriores a 4.3.77 permiten que atacantes remotos eludan la autenticación. • http://support.ntp.org/bin/view/Main/NtpBug2941 http://www.debian.org/security/2015/dsa-3388 http://www.securityfocus.com/bid/77287 http://www.securitytracker.com/id/1033951 https://bugzilla.redhat.com/show_bug.cgi?id=1274265 https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839 https://security.gentoo.org/glsa/201604-03 https://security.gentoo.org/glsa/201607-15 https:/& • CWE-287: Improper Authentication •