rpm package
opensuse/ntp&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/ntp&distro=openSUSE%20Tumbleweed
Vulnerabilities (78)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-26555 | — | < 4.2.8p17-1.1 | 4.2.8p17-1.1 | Apr 11, 2023 | praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver. | ||
| CVE-2023-26551 | — | < 4.2.8p15-13.1 | 4.2.8p15-13.1 | Apr 11, 2023 | mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. | ||
| CVE-2020-15025 | — | < 4.2.8p15-7.2 | 4.2.8p15-7.2 | Jun 24, 2020 | ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file. | ||
| CVE-2020-13817 | — | < 4.2.8p15-7.2 | 4.2.8p15-7.2 | Jun 4, 2020 | ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must | ||
| CVE-2018-8956 | — | < 4.2.8p15-7.2 | 4.2.8p15-7.2 | May 6, 2020 | ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a | ||
| CVE-2020-11868 | — | < 4.2.8p15-7.2 | 4.2.8p15-7.2 | Apr 17, 2020 | ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp. | ||
| CVE-2015-7851 | — | < 4.2.8p9-1.1 | 4.2.8p9-1.1 | Jan 28, 2020 | Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files. | ||
| CVE-2019-8936 | — | < 4.2.8p15-7.2 | 4.2.8p15-7.2 | May 15, 2019 | NTP through 4.2.8p12 has a NULL Pointer Dereference. | ||
| CVE-2018-12327 | — | < 4.2.8p15-7.2 | 4.2.8p15-7.2 | Jun 20, 2018 | Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situa | ||
| CVE-2016-9042 | — | < 4.2.8p15-7.2 | 4.2.8p15-7.2 | Jun 4, 2018 | An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will f | ||
| CVE-2018-7183 | — | < 4.2.8p15-7.2 | 4.2.8p15-7.2 | Mar 8, 2018 | Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array. | ||
| CVE-2018-7185 | — | < 4.2.8p15-7.2 | 4.2.8p15-7.2 | Mar 6, 2018 | The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to res | ||
| CVE-2018-7184 | — | < 4.2.8p15-7.2 | 4.2.8p15-7.2 | Mar 6, 2018 | ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of th | ||
| CVE-2018-7182 | — | < 4.2.8p15-7.2 | 4.2.8p15-7.2 | Mar 6, 2018 | The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10. | ||
| CVE-2018-7170 | — | < 4.2.8p15-7.2 | 4.2.8p15-7.2 | Mar 6, 2018 | ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists | ||
| CVE-2015-7871 | Cri | 9.8 | < 4.2.8p9-1.1 | 4.2.8p9-1.1 | Aug 7, 2017 | Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. | |
| CVE-2015-7855 | Med | 6.5 | < 4.2.8p9-1.1 | 4.2.8p9-1.1 | Aug 7, 2017 | The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value. | |
| CVE-2015-7854 | Hig | 8.8 | < 4.2.8p9-1.1 | 4.2.8p9-1.1 | Aug 7, 2017 | Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file. | |
| CVE-2015-7853 | Cri | 9.8 | < 4.2.8p9-1.1 | 4.2.8p9-1.1 | Aug 7, 2017 | The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value. | |
| CVE-2015-7852 | Med | 5.9 | < 4.2.8p9-1.1 | 4.2.8p9-1.1 | Aug 7, 2017 | ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets. |
- CVE-2023-26555Apr 11, 2023affected < 4.2.8p17-1.1fixed 4.2.8p17-1.1
praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver.
- CVE-2023-26551Apr 11, 2023affected < 4.2.8p15-13.1fixed 4.2.8p15-13.1
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
- CVE-2020-15025Jun 24, 2020affected < 4.2.8p15-7.2fixed 4.2.8p15-7.2
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.
- CVE-2020-13817Jun 4, 2020affected < 4.2.8p15-7.2fixed 4.2.8p15-7.2
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must
- CVE-2018-8956May 6, 2020affected < 4.2.8p15-7.2fixed 4.2.8p15-7.2
ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a
- CVE-2020-11868Apr 17, 2020affected < 4.2.8p15-7.2fixed 4.2.8p15-7.2
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.
- CVE-2015-7851Jan 28, 2020affected < 4.2.8p9-1.1fixed 4.2.8p9-1.1
Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files.
- CVE-2019-8936May 15, 2019affected < 4.2.8p15-7.2fixed 4.2.8p15-7.2
NTP through 4.2.8p12 has a NULL Pointer Dereference.
- CVE-2018-12327Jun 20, 2018affected < 4.2.8p15-7.2fixed 4.2.8p15-7.2
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situa
- CVE-2016-9042Jun 4, 2018affected < 4.2.8p15-7.2fixed 4.2.8p15-7.2
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will f
- CVE-2018-7183Mar 8, 2018affected < 4.2.8p15-7.2fixed 4.2.8p15-7.2
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.
- CVE-2018-7185Mar 6, 2018affected < 4.2.8p15-7.2fixed 4.2.8p15-7.2
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to res
- CVE-2018-7184Mar 6, 2018affected < 4.2.8p15-7.2fixed 4.2.8p15-7.2
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of th
- CVE-2018-7182Mar 6, 2018affected < 4.2.8p15-7.2fixed 4.2.8p15-7.2
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
- CVE-2018-7170Mar 6, 2018affected < 4.2.8p15-7.2fixed 4.2.8p15-7.2
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists
- affected < 4.2.8p9-1.1fixed 4.2.8p9-1.1
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
- affected < 4.2.8p9-1.1fixed 4.2.8p9-1.1
The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.
- affected < 4.2.8p9-1.1fixed 4.2.8p9-1.1
Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.
- affected < 4.2.8p9-1.1fixed 4.2.8p9-1.1
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.
- affected < 4.2.8p9-1.1fixed 4.2.8p9-1.1
ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.
Page 1 of 4