Download
| Alert*
oval:org.secpod.oval:def:500532
The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. A flaw was discovered in the way the ntpd daemon checked the return value of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4 authentication, this could lead to an incorrect verification of ... oval:org.secpod.oval:def:601884 ntp is installed oval:org.secpod.oval:def:605118 ntp is installed oval:org.secpod.oval:def:500638 The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. A buffer overflow flaw was discovered in the ntpd daemon"s NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use th ... oval:org.secpod.oval:def:24757 The host is installed with ntp on RHEL 6 or 7 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly validate vallen in extension fields. Successful exploitation could allow attackers to disclose sensitive information or overflow the st ... oval:org.secpod.oval:def:24758 The host is installed with ntp on RHEL 6 or 7 and is prone to an IP ACLs bypass vulnerability. A flaw is present in the application, which fails to properly handle spoofed packets with ::1 source address. Successful exploitation could allow attackers to bypass source IP ACLs on some OSes. oval:org.secpod.oval:def:202084 The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. A buffer overflow flaw was discovered in the ntpd daemon"s NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use th ... oval:org.secpod.oval:def:202000 The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. A flaw was discovered in the way the ntpd daemon checked the return value of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4 authentication, this could lead to an incorrect verification of ... oval:org.secpod.oval:def:203160 ntp is installed oval:org.secpod.oval:def:202074 The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. A flaw was discovered in the way the ntpd daemon checked the return value of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4 authentication, this could lead to an incorrect verification of ... oval:org.secpod.oval:def:202189 The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. A buffer overflow flaw was discovered in the ntpd daemon"s NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use th ... oval:org.secpod.oval:def:702406 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:24535 The host is installed with ntp version 4.2.6 and earlier on Redhat Enterprise Linux 6 or on Redhat Enterprise Linux 7 and is prone to an endless loop vulnerability. A flaw is present in the application, which fails to handle MD5 symmetric keys on big-endian systems. Successful exploitation could all ... oval:org.secpod.oval:def:1501569 The monlist feature in ntp_request.c in ntpd in NTP allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. oval:org.secpod.oval:def:1501567 The monlist feature in ntp_request.c in ntpd in NTP allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. oval:org.secpod.oval:def:1200140 It was reported that ntp misses validation of vallen value, leading to various information leaks. See for more details. It was reported that ntp allows bypassing source IP ACLs on some OSes when ::1 spoofed oval:org.secpod.oval:def:203523 The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd"s crypto_recv, ctl_putdata, and configure functions. A remote attacker could use either of these flaws to send a specially crafted request packet ... oval:org.secpod.oval:def:203522 The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd"s crypto_recv, ctl_putdata, and configure functions. A remote attacker could use either of these flaws to send a specially crafted request packet ... oval:org.secpod.oval:def:203529 The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd"s crypto_recv, ctl_putdata, and configure functions. A remote attacker could use either of these flaws to send a specially crafted request packet ... oval:org.secpod.oval:def:601946 Several vulnerabilities were discovered in the ntp package, an implementation of the Network Time Protocol. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-9297 Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and ... oval:org.secpod.oval:def:108145 The Network Time Protocol is used to synchronize a computer"s time with another reference time source. This package includes ntpd and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is ... oval:org.secpod.oval:def:52143 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:601953 Marc Deslauriers reported that the patch applied to ntp for CVE-2014-9297 in DSA 3154-1 was incomplete. This update corrects that problem. For reference, the relevant part of the original advisory text follows. Several vulnerabilities were discovered in the ntp package, an implementation of the Netw ... oval:org.secpod.oval:def:108104 The Network Time Protocol is used to synchronize a computer"s time with another reference time source. This package includes ntpd and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is ... oval:org.secpod.oval:def:108406 The Network Time Protocol is used to synchronize a computer"s time with another reference time source. This package includes ntpd and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is ... oval:org.secpod.oval:def:501480 The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd"s crypto_recv, ctl_putdata, and configure functions. A remote attacker could use either of these flaws to send a specially crafted request packet ... oval:org.secpod.oval:def:1500841 Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fr ... oval:org.secpod.oval:def:108426 The Network Time Protocol is used to synchronize a computer"s time with another reference time source. This package includes ntpd and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is ... oval:org.secpod.oval:def:52402 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:1500866 Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the ... oval:org.secpod.oval:def:22313 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:1600026 It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query ... oval:org.secpod.oval:def:1500820 Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fr ... oval:org.secpod.oval:def:501477 The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd"s crypto_recv, ctl_putdata, and configure functions. A remote attacker could use either of these flaws to send a specially crafted request packet ... oval:org.secpod.oval:def:89048987 This update for ntp fixes the following issues: ntp was updated to 4.2.8p17: * Fix some regressions of 4.2.8p16 Update to 4.2.8p16: * [Sec 3808] Assertion failure in ntpq on malformed RT-11 date * [Sec 3807], bsc#1210390, CVE-2023-26555: praecis_parse in the Palisade refclock driver has a hypothetic ... oval:org.secpod.oval:def:96510 It was discovered that ntpd in ntpsec, a secure, hardened, and improved implementation derived from the original NTP project, could crash if NTS is disabled and an NTS-enabled client request is received. oval:org.secpod.oval:def:602572 Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs: CVE-2015-7974 Matt Street discovered that insufficient key validation allows impersonation attacks between authenticated peers. CVE-2015-7977 / CVE-2015-7978 Stephen Gray discovered that a NULL pointer ... oval:org.secpod.oval:def:204167 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * It was found that the fix for CVE-2014-9 ... oval:org.secpod.oval:def:400712 ntp was updated to version 4.2.8p8 to fix five security issues. These security issues were fixed: - CVE-2016-4953: Bad authentication demobilizes ephemeral associations . - CVE-2016-4954: Processing spoofed server packets . - CVE-2016-4955: Autokey association reset . - CVE-2016-4956: Broadcast inte ... oval:org.secpod.oval:def:1501664 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * It was found that when NTP was configure ... oval:org.secpod.oval:def:400710 This update for ntp to 4.2.8p7 fixes the following issues: * CVE-2016-1547, bsc#977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS. * CVE-2016-1548, bsc#977461: Interleave-pivot * CVE-2016-1549, bsc#977451: Sybil vulnerability: ephemeral association attack. * CVE-2016-1550, bsc#977464: Improve NTP se ... oval:org.secpod.oval:def:110101 The Network Time Protocol is used to synchronize a computer"s time with another reference time source. This package includes ntpd and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is ... oval:org.secpod.oval:def:501669 The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that ... oval:org.secpod.oval:def:203746 The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that ... oval:org.secpod.oval:def:51837 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:203745 The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that ... oval:org.secpod.oval:def:52812 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:1501200 The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that ... oval:org.secpod.oval:def:1501328 It was discovered that ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntpd client that would effectively disable synchronization with the server, or push arbitrary offset/delay measurements to ... oval:org.secpod.oval:def:109587 The Network Time Protocol is used to synchronize a computer"s time with another reference time source. This package includes ntpd and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is ... oval:org.secpod.oval:def:114206 The Network Time Protocol is used to synchronize a computer's time with another reference time source. This package includes ntpd and utilities used to query and configure the ntpd daemon. Perl scripts are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is in the sntp packa ... oval:org.secpod.oval:def:37674 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:1200052 It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that would increase the client"s polling interval value, and effectively disable synchronization with th ... oval:org.secpod.oval:def:501975 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * It was found that when ntp is configured ... oval:org.secpod.oval:def:702814 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:703691 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:1501194 The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that ... oval:org.secpod.oval:def:31663 The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a memory leak vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation after several attempts could cause it to run out of memory oval:org.secpod.oval:def:1501755 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:109667 The Network Time Protocol is used to synchronize a computer"s time with another reference time source. This package includes ntpd and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is ... oval:org.secpod.oval:def:31660 The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle an invalid length field. Successful exploitation could could cause a buffer overflow potentially resulting in m ... oval:org.secpod.oval:def:31661 The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could cause a buffer overflow potentially resulting in in null byte being w ... oval:org.secpod.oval:def:31662 The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a large number of crafted requests. Successful exploitation could prevent clients from getting a usable reply f ... oval:org.secpod.oval:def:31656 The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a mode 6 or mode 7 packet containing an unusually long data. Successful exploitation could allow attackers to c ... oval:org.secpod.oval:def:31657 The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a packet with particular autokey operations. Successful exploitation could allow attackers to crash ntpd. oval:org.secpod.oval:def:31658 The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a packet with particular autokey operations. Successful exploitation could allow attackers to crash ntpd. oval:org.secpod.oval:def:31659 The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a packet with particular autokey operations. Successful exploitation could allow attackers to crash ntpd. oval:org.secpod.oval:def:1600408 It was found that an ntpd client could be forced to change from basic client/server mode to the interleaved symmetric mode. A remote attacker could use a spoofed packet that, when processed by an ntpd client, would cause that client to reject all future legitimate server responses, effectively disab ... oval:org.secpod.oval:def:501758 The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. It was discovered that ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntpd client that would ... oval:org.secpod.oval:def:1200153 As discussed upstream, a flaw was found in the way ntpd processed certain remote configuration packets. Note that remote configuration is disabled by default in NTP. It was found that the :config command can be used to set the pidfile and driftfile paths without any restrictions. A remote attacker c ... oval:org.secpod.oval:def:1501762 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89002061 This update for ntp fixes the following issues: Security issues fixed: - CVE-2016-1549: Significant additional protections against CVE-2016-1549 that was fixed in ntp-4.2.8p7 . - CVE-2018-7170: Ephemeral association time spoofing additional protection . - CVE-2018-7182: Buffer read overrun leads inf ... oval:org.secpod.oval:def:602264 Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs. oval:org.secpod.oval:def:89002454 This update for ntp fixes the following issues: - Update to 4.2.8p11 : * CVE-2016-1549: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. * CVE-2018-7182: ctl_getitem: buffer read overrun leads to u ... oval:org.secpod.oval:def:52191 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:89045188 ntp was updated to version 4.2.8p6 to fix 12 security issues. These security issues were fixed: - CVE-2015-8158: Fixed potential infinite loop in ntpq . - CVE-2015-8138: Zero Origin Timestamp Bypass . - CVE-2015-7979: Off-path Denial of Service attack on authenticated broadcast mode . - CVE-2015-79 ... oval:org.secpod.oval:def:1600431 It was discovered that ntpq and ntpdc disclosed the origin timestamp to unauthenticated clients, which could permit such clients to forge the server"s replies. The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service by sendin ... oval:org.secpod.oval:def:114196 The Network Time Protocol is used to synchronize a computer's time with another reference time source. This package includes ntpd and utilities used to query and configure the ntpd daemon. Perl scripts are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is in the sntp packa ... oval:org.secpod.oval:def:501930 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * It was found that the fix for CVE-2014-9 ... oval:org.secpod.oval:def:110826 The Network Time Protocol is used to synchronize a computer's time with another reference time source. This package includes ntpd and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package, ntpdate is in the ntpdate package and snt ... oval:org.secpod.oval:def:400676 ntp was updated to version 4.2.8p6 to fix 28 security issues. Major functional changes: - The "sntp" commandline tool changed its option handling in a major way, some options have been renamed or dropped. - "controlkey 1" is added during update to ntp.conf to allow sntp to work. ... oval:org.secpod.oval:def:89045292 This update for ntp fixes the following issues: - Simplify ntpd"s search for its own executable to prevent AppArmor warnings . Security issues fixed : - CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6 unauthenticated trap information disclosure and DDoS vector. - CVE-2016-7427, bsc#1011390: Broadc ... oval:org.secpod.oval:def:110183 The Network Time Protocol is used to synchronize a computer"s time with another reference time source. This package includes ntpd and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is ... oval:org.secpod.oval:def:1700033 Ephemeral association time spoofing additional protectionntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victims clock vi ... oval:org.secpod.oval:def:501833 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * It was found that when NTP was configure ... oval:org.secpod.oval:def:400775 ntp was updated to version 4.2.8p6 to fix 12 security issues. Also yast2-ntp-client was updated to match some sntp syntax changes. These security issues were fixed: - CVE-2015-8158: Fixed potential infinite loop in ntpq . - CVE-2015-8138: Zero Origin Timestamp Bypass . - CVE-2015-7979: Off-path Den ... oval:org.secpod.oval:def:501838 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * It was found that the fix for CVE-2014-9 ... oval:org.secpod.oval:def:111697 The Network Time Protocol is used to synchronize a computer's time with another reference time source. This package includes ntpd and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package, ntpdate is in the ntpdate package and snt ... oval:org.secpod.oval:def:110482 The Network Time Protocol is used to synchronize a computer"s time with another reference time source. This package includes ntpd and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is ... oval:org.secpod.oval:def:1600488 The following security-related issues were resolved:CVE-2016-7426 : Client rate limiting and server responsesCVE-2016-7429 : Attack on interface selectionCVE-2016-7433 : Broken initial sync calculations regressionCVE-2016-9310 : Mode 6 unauthenticated trap information disclosure and DDoS vectorCVE-2 ... oval:org.secpod.oval:def:111695 The Network Time Protocol is used to synchronize a computer's time with another reference time source. This package includes ntpd and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package, ntpdate is in the ntpdate package and snt ... oval:org.secpod.oval:def:111694 The Network Time Protocol is used to synchronize a computer's time with another reference time source. This package includes ntpd and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package, ntpdate is in the ntpdate package and snt ... oval:org.secpod.oval:def:115130 The Network Time Protocol is used to synchronize a computer's time with another reference time source. This package includes ntpd and utilities used to query and configure the ntpd daemon. Perl scripts are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is in the sntp packa ... oval:org.secpod.oval:def:1501330 It was discovered that ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntpd client that would effectively disable synchronization with the server, or push arbitrary offset/delay measurements to ... oval:org.secpod.oval:def:400748 ntp was updated to version 4.2.8p8 to fix 17 security issues. These security issues were fixed: - CVE-2016-4956: Broadcast interleave . - CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC . - CVE-2016-2519: ctl_getitem return value not always checked . - CVE-2 ... oval:org.secpod.oval:def:89045148 ntp was updated to version 4.2.8p8 to fix five security issues. These security issues were fixed: - CVE-2016-4953: Bad authentication demobilizes ephemeral associations . - CVE-2016-4954: Processing spoofed server packets . - CVE-2016-4955: Autokey association reset . - CVE-2016-4956: Broadcast inte ... oval:org.secpod.oval:def:89045252 This update for ntp to 4.2.8p7 fixes the following issues: * CVE-2016-1547, bsc#977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS. * CVE-2016-1548, bsc#977461: Interleave-pivot * CVE-2016-1549, bsc#977451: Sybil vulnerability: ephemeral association attack. * CVE-2016-1550, bsc#977464: Improve NTP se ... oval:org.secpod.oval:def:1501465 The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that w ... oval:org.secpod.oval:def:703298 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:1600389 It was discovered that ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntpd client that would effectively disable synchronization with the server, or push arbitrary offset/delay measurements to ... oval:org.secpod.oval:def:204118 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * It was found that the fix for CVE-2014-9 ... oval:org.secpod.oval:def:203940 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * It was found that when NTP was configure ... oval:org.secpod.oval:def:51513 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:203825 The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. It was discovered that ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntpd client that would ... oval:org.secpod.oval:def:203944 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * It was found that when NTP was configure ... oval:org.secpod.oval:def:110814 The Network Time Protocol is used to synchronize a computer's time with another reference time source. This package includes ntpd and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package, ntpdate is in the ntpdate package and snt ... oval:org.secpod.oval:def:203826 The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. It was discovered that ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntpd client that would ... oval:org.secpod.oval:def:110490 The Network Time Protocol is used to synchronize a computer's time with another reference time source. This package includes ntpd and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package, ntpdate is in the ntpdate package and snt ... oval:org.secpod.oval:def:204103 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * It was found that when ntp is configured ... oval:org.secpod.oval:def:204101 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * It was found that when ntp is configured ... oval:org.secpod.oval:def:1501485 he Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * It was found that when NTP was configured ... oval:org.secpod.oval:def:52613 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:41172 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:41173 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:1501486 he Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * It was found that when NTP was configured ... oval:org.secpod.oval:def:89045156 This update for ntp fixes the following issues: ntp was updated to 4.2.8p9. Security issues fixed: - CVE-2016-9311, CVE-2016-9310, bsc#1011377: Mode 6 unauthenticated trap information disclosure and DDoS vector. - CVE-2016-7427, bsc#1011390: Broadcast Mode Replay Prevention DoS. - CVE-2016-7428, bsc ... oval:org.secpod.oval:def:502186 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * Two vulnerabilities were discovered in t ... oval:org.secpod.oval:def:204701 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * Two vulnerabilities were discovered in t ... oval:org.secpod.oval:def:112268 The Network Time Protocol is used to synchronize a computers time with another reference time source. This package includes ntpd and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is ... oval:org.secpod.oval:def:502268 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * ntp: Authenticated DoS via Malicious Con ... oval:org.secpod.oval:def:1502046 Several security issues were fixed in ntp. oval:org.secpod.oval:def:1502173 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1600689 Denial of Service via Malformed Config:A vulnerability was discovered in the NTP servers parsing of configuration directives. A remote, authenticated attacker could cause ntpd to crash by sending a crafted message.Potential Overflows in ctl_put functions:A vulnerability was found in NTP, in the buil ... oval:org.secpod.oval:def:112219 The Network Time Protocol is used to synchronize a computer's time with another reference time source. This package includes ntpd and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package, ntpdate is in the ntpdate package and snt ... oval:org.secpod.oval:def:204793 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * ntp: Authenticated DoS via Malicious Con ... oval:org.secpod.oval:def:41174 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:51012 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:2000564 The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association. oval:org.secpod.oval:def:2003711 ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file. oval:org.secpod.oval:def:2003710 ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp. oval:org.secpod.oval:def:1901444 Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq ... oval:org.secpod.oval:def:1601004 NTP has a NULL pointer dereference attack in an authenticated mode 6 packet oval:org.secpod.oval:def:205134 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * ntp: Stack-based buffer overflow in ntpq ... oval:org.secpod.oval:def:116203 The Network Time Protocol is used to synchronize a computer's time with another reference time source. This package includes ntpd and utilities used to query and configure the ntpd daemon. Perl scripts are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is in the sntp packa ... oval:org.secpod.oval:def:2003709 ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the vic ... oval:org.secpod.oval:def:2001095 Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq ... oval:org.secpod.oval:def:1502411 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:2000527 Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array. oval:org.secpod.oval:def:89002400 NTP was updated to 4.2.8p12 : - CVE-2018-12327: Fixed stack buffer overflow in the openhost command-line call of NTPQ/NTPDC. - CVE-2018-7170: Add further tweaks to improve the fix for the ephemeral association time spoofing additional protection Please also see https://www.nwtime.org/network-time- ... oval:org.secpod.oval:def:46321 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:503306 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * ntp: Stack-based buffer overflow in ntpq ... oval:org.secpod.oval:def:2000845 ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim"s clock via a Sybil attack. This issue exists because of an incomp ... oval:org.secpod.oval:def:502588 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * ntp: Stack-based buffer overflow in ntpq ... oval:org.secpod.oval:def:89003095 This update for ntp fixes the following issues: Security issue fixed: - CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause segmentation fault to ntpd . Other issues addressed: - Make sure that SLE12 version is higher than the one in SLE11 . - Fixed seve ... oval:org.secpod.oval:def:1901934 [Crafted null dereference attack in authenticated mode 6 packet] oval:org.secpod.oval:def:1700278 The ntpq and ntpdc command-line utilities that are part of ntp package are vulnerable to stack-based buffer overflow via crafted hostname. Applications using these vulnerable utilities with an untrusted input may be potentially exploited, resulting in a crash or arbitrary code execution under privil ... oval:org.secpod.oval:def:2001364 ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent time ... oval:org.secpod.oval:def:205586 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * ntp: ntpd using highly predictable trans ... oval:org.secpod.oval:def:704152 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:116218 The Network Time Protocol is used to synchronize a computer's time with another reference time source. This package includes ntpd and utilities used to query and configure the ntpd daemon. Perl scripts are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is in the sntp packa ... oval:org.secpod.oval:def:89003443 This update for ntp fixes the following issues: Security issue fixed: - CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attcker to cause segmentation fault to ntpd . Other isses addressed: - Fixed an issue which caused openSSL mismatch - Fixed several bugs in the BA ... oval:org.secpod.oval:def:1900085 ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim"s clock via a Sybil attack. This issue exists because of an incomp ... oval:org.secpod.oval:def:115035 The Network Time Protocol is used to synchronize a computer's time with another reference time source. This package includes ntpd and utilities used to query and configure the ntpd daemon. Perl scripts are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is in the sntp packa ... oval:org.secpod.oval:def:70147 ntp - Network Time Protocol daemon and utility programs. A security issue was fixed in ntpq and ntpdc. oval:org.secpod.oval:def:52057 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:1600928 ntpd in ntp 4.2.x before 4.2.8p7 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim#039;s clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-201 ... oval:org.secpod.oval:def:205318 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * ntp: Stack-based buffer overflow in ntpq ... oval:org.secpod.oval:def:97570 [CLSA-2021:1633442934] Fixed CVE-2020-11868 in ntp oval:org.secpod.oval:def:89048833 This update for ntp fixes the following issues: Fixed multiple out of bound writes: CVE-2023-26551 , CVE-2023-26552 , CVE-2023-26553 , CVE-2023-26554 . oval:org.secpod.oval:def:1702009 mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cpless thancpdec while loop. mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trail ... oval:org.secpod.oval:def:702509 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:1200134 The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. The symmetric-key feature in the receive f ... oval:org.secpod.oval:def:204271 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. It was found that because NTP"s access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by spoofing : ... oval:org.secpod.oval:def:204260 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. It was found that because NTP"s access control was based ... oval:org.secpod.oval:def:501841 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. It was found that because NTP"s access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by spoofing : ... oval:org.secpod.oval:def:501737 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. It was found that because NTP"s access control was based ... oval:org.secpod.oval:def:602036 Multiple vulnerabilities were discovered in ntp, an implementation of the Network Time Protocol: CVE-2015-1798 When configured to use a symmetric key with an NTP peer, ntpd would accept packets without MAC as if they had a valid MAC. This could allow a remote attacker to bypass the packet authentica ... oval:org.secpod.oval:def:52453 ntp: Network Time Protocol daemon and utility programs Several security issues were fixed in NTP. oval:org.secpod.oval:def:1501086 Multiple vulnerabilities were discovered in ntp, an implementation of the Network Time Protocol: CVE-2015-1798 When configured to use a symmetric key with an NTP peer, ntpd would accept packets without MAC as if they had a valid MAC. This could allow a remote attacker to bypass the packet authentica ... oval:org.secpod.oval:def:108762 The Network Time Protocol is used to synchronize a computer"s time with another reference time source. This package includes ntpd and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is ... oval:org.secpod.oval:def:108773 The Network Time Protocol is used to synchronize a computer"s time with another reference time source. This package includes ntpd and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package, ntpdate is in the ntpdate package and sntp is ... oval:org.secpod.oval:def:1501243 The remote host is missing a patch containing a security fix, which affects the following package(s): ntp oval:org.secpod.oval:def:1600883 Ephemeral association time spoofing additional protectionntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim#039;s clo ... oval:org.secpod.oval:def:500652 The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. Robin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled certain malformed NTP packets. ntpd logged information about all such packets and replied with an NTP packet that was treated a ... oval:org.secpod.oval:def:202202 The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. Robin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled certain malformed NTP packets. ntpd logged information about all such packets and replied with an NTP packet that was treated a ... oval:org.secpod.oval:def:202075 The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. Robin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled certain malformed NTP packets. ntpd logged information about all such packets and replied with an NTP packet that was treated a ... |