rpm package
suse/ntp&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP5
pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-26555 | — | < 4.2.8p17-103.1 | 4.2.8p17-103.1 | Apr 11, 2023 | praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver. | ||
| CVE-2023-26554 | — | < 4.2.8p15-100.1 | 4.2.8p15-100.1 | Apr 11, 2023 | mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. | ||
| CVE-2023-26553 | — | < 4.2.8p15-100.1 | 4.2.8p15-100.1 | Apr 11, 2023 | mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. | ||
| CVE-2023-26552 | — | < 4.2.8p15-100.1 | 4.2.8p15-100.1 | Apr 11, 2023 | mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. | ||
| CVE-2023-26551 | — | < 4.2.8p15-100.1 | 4.2.8p15-100.1 | Apr 11, 2023 | mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. | ||
| CVE-2020-15025 | — | < 4.2.8p15-88.1 | 4.2.8p15-88.1 | Jun 24, 2020 | ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file. | ||
| CVE-2020-13817 | — | < 4.2.8p15-88.1 | 4.2.8p15-88.1 | Jun 4, 2020 | ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must | ||
| CVE-2018-8956 | — | < 4.2.8p15-88.1 | 4.2.8p15-88.1 | May 6, 2020 | ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a | ||
| CVE-2020-11868 | — | < 4.2.8p15-88.1 | 4.2.8p15-88.1 | Apr 17, 2020 | ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp. |
- CVE-2023-26555Apr 11, 2023affected < 4.2.8p17-103.1fixed 4.2.8p17-103.1
praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver.
- CVE-2023-26554Apr 11, 2023affected < 4.2.8p15-100.1fixed 4.2.8p15-100.1
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
- CVE-2023-26553Apr 11, 2023affected < 4.2.8p15-100.1fixed 4.2.8p15-100.1
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
- CVE-2023-26552Apr 11, 2023affected < 4.2.8p15-100.1fixed 4.2.8p15-100.1
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
- CVE-2023-26551Apr 11, 2023affected < 4.2.8p15-100.1fixed 4.2.8p15-100.1
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
- CVE-2020-15025Jun 24, 2020affected < 4.2.8p15-88.1fixed 4.2.8p15-88.1
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.
- CVE-2020-13817Jun 4, 2020affected < 4.2.8p15-88.1fixed 4.2.8p15-88.1
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must
- CVE-2018-8956May 6, 2020affected < 4.2.8p15-88.1fixed 4.2.8p15-88.1
ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a
- CVE-2020-11868Apr 17, 2020affected < 4.2.8p15-88.1fixed 4.2.8p15-88.1
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.