rpm package

suse/ntp&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP2

pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2

Vulnerabilities (29)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-9310	Med	6.5	< 4.2.8p9-55.1	4.2.8p9-55.1	Jan 13, 2017	The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.
CVE-2016-7434	Hig	7.5	< 4.2.8p9-55.1	4.2.8p9-55.1	Jan 13, 2017	The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.
CVE-2016-7433	Med	5.3	< 4.2.8p9-55.1	4.2.8p9-55.1	Jan 13, 2017	NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion."
CVE-2016-7431	Med	5.3	< 4.2.8p9-55.1	4.2.8p9-55.1	Jan 13, 2017	NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression.
CVE-2016-7429	Low	3.7	< 4.2.8p9-55.1	4.2.8p9-55.1	Jan 13, 2017	NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use.
CVE-2016-7428	Med	4.3	< 4.2.8p9-55.1	4.2.8p9-55.1	Jan 13, 2017	ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.
CVE-2016-7427	Med	4.3	< 4.2.8p9-55.1	4.2.8p9-55.1	Jan 13, 2017	The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.
CVE-2016-7426	Hig	7.5	< 4.2.8p9-55.1	4.2.8p9-55.1	Jan 13, 2017	NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
CVE-2016-1549	Med	6.5	< 4.2.8p11-64.5.1	4.2.8p11-64.5.1	Jan 6, 2017	A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim'

CVE-2016-9310MedJan 13, 2017
affected < 4.2.8p9-55.1fixed 4.2.8p9-55.1
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.
CVE-2016-7434HigJan 13, 2017
affected < 4.2.8p9-55.1fixed 4.2.8p9-55.1
The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.
CVE-2016-7433MedJan 13, 2017
affected < 4.2.8p9-55.1fixed 4.2.8p9-55.1
NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion."
CVE-2016-7431MedJan 13, 2017
affected < 4.2.8p9-55.1fixed 4.2.8p9-55.1
NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression.
CVE-2016-7429LowJan 13, 2017
affected < 4.2.8p9-55.1fixed 4.2.8p9-55.1
NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use.
CVE-2016-7428MedJan 13, 2017
affected < 4.2.8p9-55.1fixed 4.2.8p9-55.1
ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.
CVE-2016-7427MedJan 13, 2017
affected < 4.2.8p9-55.1fixed 4.2.8p9-55.1
The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.
CVE-2016-7426HigJan 13, 2017
affected < 4.2.8p9-55.1fixed 4.2.8p9-55.1
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
CVE-2016-1549MedJan 6, 2017
affected < 4.2.8p11-64.5.1fixed 4.2.8p11-64.5.1
A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim'

Page 2 of 2