rpm package
suse/ntp&distro=SUSE Linux Enterprise Desktop 11 SP4
pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4
Vulnerabilities (16)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-7851 | — | < 4.2.8p4-5.1 | 4.2.8p4-5.1 | Jan 28, 2020 | Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files. | ||
| CVE-2015-7871 | Cri | 9.8 | < 4.2.8p4-5.1 | 4.2.8p4-5.1 | Aug 7, 2017 | Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. | |
| CVE-2015-7855 | Med | 6.5 | < 4.2.8p4-5.1 | 4.2.8p4-5.1 | Aug 7, 2017 | The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value. | |
| CVE-2015-7854 | Hig | 8.8 | < 4.2.8p4-5.1 | 4.2.8p4-5.1 | Aug 7, 2017 | Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file. | |
| CVE-2015-7853 | Cri | 9.8 | < 4.2.8p4-5.1 | 4.2.8p4-5.1 | Aug 7, 2017 | The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value. | |
| CVE-2015-7852 | Med | 5.9 | < 4.2.8p4-5.1 | 4.2.8p4-5.1 | Aug 7, 2017 | ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets. | |
| CVE-2015-7850 | Med | 6.5 | < 4.2.8p4-5.1 | 4.2.8p4-5.1 | Aug 7, 2017 | ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file. | |
| CVE-2015-7849 | Hig | 8.8 | < 4.2.8p4-5.1 | 4.2.8p4-5.1 | Aug 7, 2017 | Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets. | |
| CVE-2015-7705 | Cri | 9.8 | < 4.2.8p4-5.1 | 4.2.8p4-5.1 | Aug 7, 2017 | The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. | |
| CVE-2015-7704 | Hig | 7.5 | < 4.2.8p4-5.1 | 4.2.8p4-5.1 | Aug 7, 2017 | The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. | |
| CVE-2015-7702 | Med | 6.5 | < 4.2.8p4-5.1 | 4.2.8p4-5.1 | Aug 7, 2017 | The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. | |
| CVE-2015-7701 | Hig | 7.5 | < 4.2.8p4-5.1 | 4.2.8p4-5.1 | Aug 7, 2017 | Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption). | |
| CVE-2015-7692 | Hig | 7.5 | < 4.2.8p4-5.1 | 4.2.8p4-5.1 | Aug 7, 2017 | The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. | |
| CVE-2015-7691 | Hig | 7.5 | < 4.2.8p4-5.1 | 4.2.8p4-5.1 | Aug 7, 2017 | The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014- | |
| CVE-2015-7703 | Hig | 7.5 | < 4.2.8p4-5.1 | 4.2.8p4-5.1 | Jul 24, 2017 | The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote co | |
| CVE-2015-7848 | — | < 4.2.8p4-5.1 | 4.2.8p4-5.1 | Jan 6, 2017 | An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP dae |
- CVE-2015-7851Jan 28, 2020affected < 4.2.8p4-5.1fixed 4.2.8p4-5.1
Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files.
- affected < 4.2.8p4-5.1fixed 4.2.8p4-5.1
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
- affected < 4.2.8p4-5.1fixed 4.2.8p4-5.1
The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.
- affected < 4.2.8p4-5.1fixed 4.2.8p4-5.1
Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.
- affected < 4.2.8p4-5.1fixed 4.2.8p4-5.1
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.
- affected < 4.2.8p4-5.1fixed 4.2.8p4-5.1
ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.
- affected < 4.2.8p4-5.1fixed 4.2.8p4-5.1
ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.
- affected < 4.2.8p4-5.1fixed 4.2.8p4-5.1
Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.
- affected < 4.2.8p4-5.1fixed 4.2.8p4-5.1
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
- affected < 4.2.8p4-5.1fixed 4.2.8p4-5.1
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
- affected < 4.2.8p4-5.1fixed 4.2.8p4-5.1
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
- affected < 4.2.8p4-5.1fixed 4.2.8p4-5.1
Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).
- affected < 4.2.8p4-5.1fixed 4.2.8p4-5.1
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
- affected < 4.2.8p4-5.1fixed 4.2.8p4-5.1
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-
- affected < 4.2.8p4-5.1fixed 4.2.8p4-5.1
The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote co
- CVE-2015-7848Jan 6, 2017affected < 4.2.8p4-5.1fixed 4.2.8p4-5.1
An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP dae