rpm package

suse/ntp&distro=SUSE Linux Enterprise Point of Sale 11 SP3

pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3

Vulnerabilities (15)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2019-8936		—	< 4.2.8p13-48.27.1	4.2.8p13-48.27.1	May 15, 2019	NTP through 4.2.8p12 has a NULL Pointer Dereference.
CVE-2018-12327		—	< 4.2.8p12-48.21.1	4.2.8p12-48.21.1	Jun 20, 2018	Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situa
CVE-2018-7170		—	< 4.2.8p12-48.21.1	4.2.8p12-48.21.1	Mar 6, 2018	ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists
CVE-2015-5219	Hig	7.5	< 4.2.8p9-48.9.1	4.2.8p9-48.9.1	Jul 21, 2017	The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
CVE-2015-8140	Med	4.8	< 4.2.8p9-48.9.1	4.2.8p9-48.9.1	Jan 30, 2017	The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.
CVE-2015-8139	Med	5.3	< 4.2.8p9-48.9.1	4.2.8p9-48.9.1	Jan 30, 2017	ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.
CVE-2016-9311	Med	5.9	< 4.2.8p9-48.9.1	4.2.8p9-48.9.1	Jan 13, 2017	ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.
CVE-2016-9310	Med	6.5	< 4.2.8p9-48.9.1	4.2.8p9-48.9.1	Jan 13, 2017	The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.
CVE-2016-7434	Hig	7.5	< 4.2.8p9-48.9.1	4.2.8p9-48.9.1	Jan 13, 2017	The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.
CVE-2016-7433	Med	5.3	< 4.2.8p9-48.9.1	4.2.8p9-48.9.1	Jan 13, 2017	NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion."
CVE-2016-7431	Med	5.3	< 4.2.8p9-48.9.1	4.2.8p9-48.9.1	Jan 13, 2017	NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression.
CVE-2016-7429	Low	3.7	< 4.2.8p9-48.9.1	4.2.8p9-48.9.1	Jan 13, 2017	NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use.
CVE-2016-7428	Med	4.3	< 4.2.8p9-48.9.1	4.2.8p9-48.9.1	Jan 13, 2017	ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.
CVE-2016-7427	Med	4.3	< 4.2.8p9-48.9.1	4.2.8p9-48.9.1	Jan 13, 2017	The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.
CVE-2016-7426	Hig	7.5	< 4.2.8p9-48.9.1	4.2.8p9-48.9.1	Jan 13, 2017	NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.

CVE-2019-8936May 15, 2019
affected < 4.2.8p13-48.27.1fixed 4.2.8p13-48.27.1
NTP through 4.2.8p12 has a NULL Pointer Dereference.
CVE-2018-12327Jun 20, 2018
affected < 4.2.8p12-48.21.1fixed 4.2.8p12-48.21.1
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situa
CVE-2018-7170Mar 6, 2018
affected < 4.2.8p12-48.21.1fixed 4.2.8p12-48.21.1
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists
CVE-2015-5219HigJul 21, 2017
affected < 4.2.8p9-48.9.1fixed 4.2.8p9-48.9.1
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
CVE-2015-8140MedJan 30, 2017
affected < 4.2.8p9-48.9.1fixed 4.2.8p9-48.9.1
The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.
CVE-2015-8139MedJan 30, 2017
affected < 4.2.8p9-48.9.1fixed 4.2.8p9-48.9.1
ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.
CVE-2016-9311MedJan 13, 2017
affected < 4.2.8p9-48.9.1fixed 4.2.8p9-48.9.1
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.
CVE-2016-9310MedJan 13, 2017
affected < 4.2.8p9-48.9.1fixed 4.2.8p9-48.9.1
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.
CVE-2016-7434HigJan 13, 2017
affected < 4.2.8p9-48.9.1fixed 4.2.8p9-48.9.1
The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.
CVE-2016-7433MedJan 13, 2017
affected < 4.2.8p9-48.9.1fixed 4.2.8p9-48.9.1
NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion."
CVE-2016-7431MedJan 13, 2017
affected < 4.2.8p9-48.9.1fixed 4.2.8p9-48.9.1
NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression.
CVE-2016-7429LowJan 13, 2017
affected < 4.2.8p9-48.9.1fixed 4.2.8p9-48.9.1
NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use.
CVE-2016-7428MedJan 13, 2017
affected < 4.2.8p9-48.9.1fixed 4.2.8p9-48.9.1
ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.
CVE-2016-7427MedJan 13, 2017
affected < 4.2.8p9-48.9.1fixed 4.2.8p9-48.9.1
The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.
CVE-2016-7426HigJan 13, 2017
affected < 4.2.8p9-48.9.1fixed 4.2.8p9-48.9.1
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.