CVE-2019-8936
https://notcve.org/view.php?id=CVE-2019-8936
NTP through 4.2.8p12 has a NULL Pointer Dereference. NTP hasta 4.2.8p12 tiene una desreferencia del puntero NULL. • https://github.com/snappyJack/CVE-2019-8936 http://bugs.ntp.org/show_bug.cgi?id=3565 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00036.html http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html http://support.ntp.org/bin/view/Main/SecurityNotice https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NVS2CSG2TQ663CXOZZUJN4STQPMENNP http • CWE-476: NULL Pointer Dereference •
CVE-2018-7185
https://notcve.org/view.php?id=CVE-2018-7185
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association. El motor de protocolo en ntp, en versiones 4.2.6 anteriores a la 4.2.8p11, permite que atacantes remotos provoquen una denegación de servicio (interrupción) mediante el envío continuado de un paquete con una marca de tiempo zero-origin y la dirección IP de origen "del otro lado" de una asociación intercalada que provoca que el ntpd de la víctima restablezca su asociación. • http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html http://support.ntp.org/bin/view/Main/NtpBug3454 http://www.securityfocus.com/archive/1/541824/100/0/threaded http://www.securityfocus.com/bid/103339 https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc https://security.gentoo.org/glsa/201805-12 https://security.netapp.com/advisory/ntap-20180626-0001 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en •
CVE-2018-7170
https://notcve.org/view.php?id=CVE-2018-7170
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549. ntpd en ntp, en versiones 4.2.x anteriores a la 4.2.8p7 y versiones 4.3.x anteriores a la 4.3.92, permite que usuarios autenticados que conozcan la clave privada simétrica creen de forma arbitraria muchas asociaciones efímeras para ganar la selección de reloj de ntpd y modifiquen el reloj de una víctima mediante un ataque Sybil. Este problema existe debido a una solución incompleta para CVE-2016-1549. • http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html http://support.ntp.org/bin/view/Main/NtpBug3415 http://www.securityfocus.com/archive/1/541824/100/0/threaded http://www.securityfocus.com/bid/103194 https://bugzilla.redhat.com/show_bug.cgi?id=1550214 https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc https://security.gentoo.org/glsa/201805-12 https://security.netapp.com/advisory/ntap-20180626-0001 https://support.hpe.com/hpsc/doc •
CVE-2016-9042
https://notcve.org/view.php?id=CVE-2016-9042
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition. Existe una vulnerabilidad explotable de denegación de servicio (DoS) en la funcionalidad de comprobación de marca de tiempo de origen de ntpd 4.2.8p9. Se puede emplear un paquete de red no autenticado especialmente manipulado para reiniciar la marca de tiempo de origen esperada para los peers objetivo. • http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html http://seclists.org/fulldisclosure/2017/Nov/7 http://seclists.org/fulldisclosure/2017/Sep/62 http://www.securityfocus.com/archive/1/540403/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded http:// • CWE-20: Improper Input Validation •
CVE-2017-6458
https://notcve.org/view.php?id=CVE-2017-6458
Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. Múltiples desbordamientos de búfer en las funciones ctl_put * en NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 permiten a usuarios remotos autenticados tener un impacto no especificado a través de una variable larga. • http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html http://seclists.org/fulldisclosure/2017/Nov/7 http://seclists.org/fulldisclosure/2017/Sep/62 http://support.ntp.org/bin/view/Main/NtpBug3379 http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded http://www.securityfocus.com/bid/97051 http://www.securitytracker.com/id/1038123 http://www.u • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •