VYPR

rpm package

suse/ntp&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP1

pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1

Vulnerabilities (52)

  • CVE-2019-8936 May 15, 2019
    affected < 4.2.8p13-85.1, fixed 4.2.8p13-85.1

    NTP through 4.2.8p12 has a NULL Pointer Dereference.

  • CVE-2018-12327 Jun 20, 2018
    affected < 4.2.8p12-64.8.2, fixed 4.2.8p12-64.8.2

    Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situa

  • CVE-2016-9042 Jun 4, 2018
    affected < 4.2.8p10-60.1, fixed 4.2.8p10-60.1

    An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will f

  • CVE-2018-7183 Mar 8, 2018
    affected < 4.2.8p11-64.5.1, fixed 4.2.8p11-64.5.1

    Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.

  • CVE-2018-7185 Mar 6, 2018
    affected < 4.2.8p11-64.5.1, fixed 4.2.8p11-64.5.1

    The protocol engine in ntp 4.2.6 before 4.2.8p11 allows remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to res

  • CVE-2018-7184 Mar 6, 2018
    affected < 4.2.8p11-64.5.1, fixed 4.2.8p11-64.5.1

    ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of th

  • CVE-2018-7182 Mar 6, 2018
    affected < 4.2.8p11-64.5.1, fixed 4.2.8p11-64.5.1

    The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with an ntpd instance from 4.2.8p6 through 4.2.8p10.

  • CVE-2018-7170 Mar 6, 2018
    affected < 4.2.8p11-64.5.1, fixed 4.2.8p11-64.5.1

    ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists

  • CVE-2015-7705 Cri Aug 7, 2017
    affected < 4.2.8p7-11.1, fixed 4.2.8p7-11.1

    The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.

  • CVE-2015-7704 Hig Aug 7, 2017
    affected < 4.2.8p7-11.1, fixed 4.2.8p7-11.1

    The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.

  • CVE-2015-5300 Hig Jul 21, 2017
    affected < 4.2.8p6-8.2, fixed 4.2.8p6-8.2

    The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to

  • CVE-2015-5219 Hig Jul 21, 2017
    affected < 4.2.8p9-55.1, fixed 4.2.8p9-55.1

    The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

  • CVE-2017-6464 Med Mar 27, 2017
    affected < 4.2.8p10-60.1, fixed 4.2.8p10-60.1

    NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.

  • CVE-2017-6463 Med Mar 27, 2017
    affected < 4.2.8p10-60.1, fixed 4.2.8p10-60.1

    NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option.

  • CVE-2017-6462 Hig Mar 27, 2017
    affected < 4.2.8p10-60.1, fixed 4.2.8p10-60.1

    Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.

  • CVE-2017-6460 Hig Mar 27, 2017
    affected < 4.2.8p10-60.1, fixed 4.2.8p10-60.1

    Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers to have unspecified impact via a long flagstr variable in a restriction list response.

  • CVE-2017-6458 Hig Mar 27, 2017
    affected < 4.2.8p10-60.1, fixed 4.2.8p10-60.1

    Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.

  • CVE-2017-6451 Hig Mar 27, 2017
    affected < 4.2.8p10-60.1, fixed 4.2.8p10-60.1

    The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds mem

  • CVE-2016-2519 Med Jan 30, 2017
    affected < 4.2.8p7-11.1, fixed 4.2.8p7-11.1

    ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value.

  • CVE-2016-2518 Med Jan 30, 2017
    affected < 4.2.8p7-11.1, fixed 4.2.8p7-11.1

    The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.

Page 1 of 3