Page 8 of 66 results (0.006 seconds)

CVSS: 7.5EPSS: 4%CPEs: 38EXPL: 0

CVE-2015-5300 – ntp: MITM attacker can force ntpd to make a step larger than the panic threshold

https://notcve.org/view.php?id=CVE-2015-5300

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). La comprobación panic_gate en NTP anterior a versión 4.2.8p5 es solo habilitada nuevamente después del primer cambio al reloj del sistema que fue mayor que 128 milisegundos por defecto, permitiendo a los atacantes remotos fijar el NTP a un tiempo arbitrario cuando arranca con la opción -g, o alterar el tiempo hasta 900 segundos, de lo contrario por respuesta a un número no especificado de peticiones de fuentes de confianza y aprovechando una denegación de servicio resultante (anular y reiniciar). It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. A man-in-the-middle attacker able to intercept NTP traffic between a connecting client and an NTP server could use this flaw to force that client to make multiple steps larger than the panic threshold, effectively changing the time to an arbitrary value at any time. • http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html http://lists.opensuse.org/opensuse-security-announc • CWE-20: Improper Input Validation CWE-361: 7PK - Time and State •

CVSS: 9.8EPSS: 1%CPEs: 31EXPL: 0

CVE-2015-7705

https://notcve.org/view.php?id=CVE-2015-7705

The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. La funcionalidad de limitación de velocidad en NTP 4.x en versiones anteriores a la 4.2.8p4 y 4.3.x en versiones anteriores a la 4.3.77 permite que atacantes remotos provoquen errores sin especificar empleando un gran número de peticiones manipuladas. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-06 • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 1%CPEs: 24EXPL: 0

CVE-2015-7849

https://notcve.org/view.php?id=CVE-2015-7849

Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets. Una vulnerabilidad use-after-free en ntpd en NTP 4.2.x en versiones anteriores a la 4.2.8p4, y 4.3.x en versiones anteriores a la 4.3.77 permite que atacantes remotos autenticados tengan la posibilidad de ejecutar código arbitrario o provocar una denegación de servicio utilizando paquetes manipulados. • http://support.ntp.org/bin/view/Main/NtpBug2916 http://www.securityfocus.com/bid/77276 http://www.securitytracker.com/id/1033951 https://bugzilla.redhat.com/show_bug.cgi?id=1274257 https://security.gentoo.org/glsa/201607-15 https://security.netapp.com/advisory/ntap-20171004-0001 • CWE-416: Use After Free •

CVSS: 6.5EPSS: 1%CPEs: 27EXPL: 0

CVE-2015-7850

https://notcve.org/view.php?id=CVE-2015-7850

ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file. ntpd en NTP 4.2.x en versiones anteriores a la 4.2.8p4, y 4.3.x en versiones anteriores a la 4.3.77 permite que usuarios remotos autenticados provoquen una denegación de servicio (bucle infinito o caída del sistema) apuntando al archivo de claves en el archivo de log. • http://support.ntp.org/bin/view/Main/NtpBug2917 http://www.debian.org/security/2015/dsa-3388 http://www.securityfocus.com/bid/77279 http://www.securitytracker.com/id/1033951 https://bugzilla.redhat.com/show_bug.cgi?id=1274258 https://security.gentoo.org/glsa/201607-15 https://security.netapp.com/advisory/ntap-20171004-0001 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 1

CVE-2015-7851

https://notcve.org/view.php?id=CVE-2015-7851

Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files. La vulnerabilidad salto de directorio en la función save_config en ntpd en el archivo ntp_control.c en NTP versiones anteriores a 4.2.8p4, cuando es usado en sistemas que no utilizan caracteres "\" o '"/" para la separación de directorios como OpenVMS, permite a usuarios autenticados remotos sobrescribir archivos arbitrarios. • http://support.ntp.org/bin/view/Main/NtpBug2918 http://support.ntp.org/bin/view/Main/SecurityNotice http://www.talosintel.com/reports/TALOS-2015-0062 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •