rpm package
suse/ntp&distro=SUSE Linux Enterprise Desktop 12
pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Desktop%2012
Vulnerabilities (47)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-4954 | High | 7.5 | | < 4.2.8p8-46.8.1 | 4.2.8p8-46.8.1 | Jul 5, 2016 | The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrec |
| CVE-2016-4953 | High | 7.5 | | < 4.2.8p8-46.8.1 | 4.2.8p8-46.8.1 | Jul 5, 2016 | ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. |
| CVE-2015-7974 | High | 7.7 | | < 4.2.8p6-46.5.2 | 4.2.8p6-46.5.2 | Jan 26, 2016 | NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." |
| CVE-2015-1799 | — | — | | < 4.2.6p5-44.1 | 4.2.6p5-44.1 | Apr 8, 2015 | The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization l |
| CVE-2015-1798 | — | — | | < 4.2.6p5-44.1 | 4.2.6p5-44.1 | Apr 8, 2015 | The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. |
| CVE-2014-9294 | — | — | | < 4.2.6p5-37.2 | 4.2.6p5-37.2 | Dec 20, 2014 | util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. |
| CVE-2014-9293 | — | — | | < 4.2.6p5-37.2 | 4.2.6p5-37.2 | Dec 20, 2014 | The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. |