rpm package
suse/ntp&distro=SUSE Linux Enterprise Server for SAP Applications 12
pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
Vulnerabilities (64)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-1799 | — | < 4.2.6p5-44.1 | 4.2.6p5-44.1 | Apr 8, 2015 | The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization l | ||
| CVE-2015-1798 | — | < 4.2.6p5-44.1 | 4.2.6p5-44.1 | Apr 8, 2015 | The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. | ||
| CVE-2014-9294 | — | < 4.2.6p5-37.2 | 4.2.6p5-37.2 | Dec 20, 2014 | util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. | ||
| CVE-2014-9293 | — | < 4.2.6p5-37.2 | 4.2.6p5-37.2 | Dec 20, 2014 | The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. |
- CVE-2015-1799Apr 8, 2015affected < 4.2.6p5-44.1fixed 4.2.6p5-44.1
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization l
- CVE-2015-1798Apr 8, 2015affected < 4.2.6p5-44.1fixed 4.2.6p5-44.1
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.
- CVE-2014-9294Dec 20, 2014affected < 4.2.6p5-37.2fixed 4.2.6p5-37.2
util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
- CVE-2014-9293Dec 20, 2014affected < 4.2.6p5-37.2fixed 4.2.6p5-37.2
The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
Page 4 of 4