rpm package
suse/ntp&distro=SUSE Linux Enterprise Server 12-LTSS
pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-7429 | Low | 3.7 | < 4.2.8p9-46.18.1 | 4.2.8p9-46.18.1 | Jan 13, 2017 | NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use. | |
| CVE-2016-7428 | Med | 4.3 | < 4.2.8p9-46.18.1 | 4.2.8p9-46.18.1 | Jan 13, 2017 | ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet. | |
| CVE-2016-7427 | Med | 4.3 | < 4.2.8p9-46.18.1 | 4.2.8p9-46.18.1 | Jan 13, 2017 | The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet. | |
| CVE-2016-7426 | Hig | 7.5 | < 4.2.8p9-46.18.1 | 4.2.8p9-46.18.1 | Jan 13, 2017 | NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. | |
| CVE-2016-1549 | Med | 6.5 | < 4.2.8p11-46.26.2 | 4.2.8p11-46.26.2 | Jan 6, 2017 | A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim' |
- affected < 4.2.8p9-46.18.1fixed 4.2.8p9-46.18.1
NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use.
- affected < 4.2.8p9-46.18.1fixed 4.2.8p9-46.18.1
ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.
- affected < 4.2.8p9-46.18.1fixed 4.2.8p9-46.18.1
The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.
- affected < 4.2.8p9-46.18.1fixed 4.2.8p9-46.18.1
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
- affected < 4.2.8p11-46.26.2fixed 4.2.8p11-46.26.2
A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim'
Page 2 of 2