rpm package
suse/ntp&distro=SUSE Enterprise Storage 4
pkg:rpm/suse/ntp&distro=SUSE%20Enterprise%20Storage%204
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-8936 | — | < 4.2.8p13-85.1 | 4.2.8p13-85.1 | May 15, 2019 | NTP through 4.2.8p12 has a NULL Pointer Dereference. | ||
| CVE-2018-12327 | — | < 4.2.8p12-64.8.2 | 4.2.8p12-64.8.2 | Jun 20, 2018 | Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situa | ||
| CVE-2018-7183 | — | < 4.2.8p11-64.5.1 | 4.2.8p11-64.5.1 | Mar 8, 2018 | Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array. | ||
| CVE-2018-7185 | — | < 4.2.8p11-64.5.1 | 4.2.8p11-64.5.1 | Mar 6, 2018 | The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to res | ||
| CVE-2018-7184 | — | < 4.2.8p11-64.5.1 | 4.2.8p11-64.5.1 | Mar 6, 2018 | ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of th | ||
| CVE-2018-7182 | — | < 4.2.8p11-64.5.1 | 4.2.8p11-64.5.1 | Mar 6, 2018 | The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10. | ||
| CVE-2018-7170 | — | < 4.2.8p11-64.5.1 | 4.2.8p11-64.5.1 | Mar 6, 2018 | ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists | ||
| CVE-2016-1549 | Med | 6.5 | < 4.2.8p11-64.5.1 | 4.2.8p11-64.5.1 | Jan 6, 2017 | A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim' |
- CVE-2019-8936May 15, 2019affected < 4.2.8p13-85.1fixed 4.2.8p13-85.1
NTP through 4.2.8p12 has a NULL Pointer Dereference.
- CVE-2018-12327Jun 20, 2018affected < 4.2.8p12-64.8.2fixed 4.2.8p12-64.8.2
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situa
- CVE-2018-7183Mar 8, 2018affected < 4.2.8p11-64.5.1fixed 4.2.8p11-64.5.1
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.
- CVE-2018-7185Mar 6, 2018affected < 4.2.8p11-64.5.1fixed 4.2.8p11-64.5.1
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to res
- CVE-2018-7184Mar 6, 2018affected < 4.2.8p11-64.5.1fixed 4.2.8p11-64.5.1
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of th
- CVE-2018-7182Mar 6, 2018affected < 4.2.8p11-64.5.1fixed 4.2.8p11-64.5.1
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
- CVE-2018-7170Mar 6, 2018affected < 4.2.8p11-64.5.1fixed 4.2.8p11-64.5.1
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists
- affected < 4.2.8p11-64.5.1fixed 4.2.8p11-64.5.1
A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim'