CVE-2016-7434 – NTP 4.2.8p8 - Denial of Service
https://notcve.org/view.php?id=CVE-2016-7434
The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query. La función read_mru_list en NTP en versiones anteriores a 4.2.8p9 permite a atacantes remotos provocar una denegación de servicio (caída) a través de una consulta mrulist manipulada. ntpd versions 4.2.7p22 up to but not including 4.2.8p9 and 4.3.0 up to, but not including 4.3.94 suffer from a remote denial of service vulnerability. The vulnerability allow unauthenticated users to crash ntpd with a single malformed UDP packet, which cause a null pointer dereference. • https://www.exploit-db.com/exploits/40806 https://github.com/opsxcq/exploit-CVE-2016-7434 https://github.com/shekkbuilder/CVE-2016-7434 http://nwtime.org/ntp428p9_release http://support.ntp.org/bin/view/Main/NtpBug3082 http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities http://www.securityfocus.com/bid/94448 http://www.securitytracker.com/id/1037354 https://bto.bluecoat.com/security-advisory/sa139 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLoca • CWE-20: Improper Input Validation •
CVE-2015-8140
https://notcve.org/view.php?id=CVE-2015-8140
The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network. El protocolo ntpq en NTP en versiones anteriores a 4.2.8p7 permite a los atacantes remotos realizar ataques de repetición para rastrear la red. • http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html http://support.ntp.org/bin/view/Main/NtpBug2947 http://tools • CWE-284: Improper Access Control •
CVE-2015-8139
https://notcve.org/view.php?id=CVE-2015-8139
ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors. ntpq en NTP en versiones anteriores a 4.2.8p7 permite a atacantes remotos obtener timestamps de origen y luego suplantar a sus pares a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html http://support.ntp.org/bin/view/Main/NtpBug2946 http://tools • CWE-284: Improper Access Control •
CVE-2016-4953
https://notcve.org/view.php?id=CVE-2016-4953
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. ntpd en NTP 4.x en versiones anteriores a 4.2.8p8 permite a atacantes remotos provocar una denegación de servicio (desmovilización de asociación efímera) mediante el envío de un paquete crypto-NAK falsificado con datos de autenticación incorrectos en un momento determinado. • http://bugs.ntp.org/3045 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html http://lists.opensuse.org/ • CWE-287: Improper Authentication •
CVE-2016-4954
https://notcve.org/view.php?id=CVE-2016-4954
The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication. La función process_packet en ntp_proto.c en ntpd en NTP 4.x en versiones anteriores a 4.2.8p8 permite a atacantes remotos provocar una denegación de servicio (modificación de par variable) enviando paquetes falsificados desde muchas direcciones IP de origen en un determinado escenario, según lo demostrado desencadenando una indicación de salto incorrecta. • http://bugs.ntp.org/3044 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html http://lists.opensuse.org/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •