by Ntp
CVEs (48)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-7853 | Cri | 0.67 | 9.8 | 0.41 | Aug 7, 2017 | The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value. | |
| CVE-2015-7705 | Cri | 0.66 | 9.8 | 0.31 | Aug 7, 2017 | The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. | |
| CVE-2015-7854 | Hig | 0.58 | 8.8 | 0.04 | Aug 7, 2017 | Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file. | |
| CVE-2017-6458 | Hig | 0.58 | 8.8 | 0.11 | Mar 27, 2017 | Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. | |
| CVE-2017-6460 | Hig | 0.57 | 8.8 | 0.02 | Mar 27, 2017 | Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response. | |
| CVE-2016-4957 | Hig | 0.53 | 7.5 | 0.59 | Jul 5, 2016 | ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547. | |
| CVE-2015-7978 | Hig | 0.52 | 7.5 | 0.43 | Jan 30, 2017 | NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list. | |
| CVE-2017-6462 | Hig | 0.51 | 7.8 | 0.00 | Mar 27, 2017 | Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device. | |
| CVE-2017-6452 | Hig | 0.51 | 7.8 | 0.00 | Mar 27, 2017 | Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line. | |
| CVE-2017-6451 | Hig | 0.51 | 7.8 | 0.00 | Mar 27, 2017 | The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write. | |
| CVE-2015-7974 | Hig | 0.51 | 7.7 | 0.11 | Jan 26, 2016 | NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." | |
| CVE-2015-3405 | Hig | 0.50 | 7.5 | 0.17 | Aug 9, 2017 | ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. | |
| CVE-2016-9312 | Hig | 0.50 | 7.5 | 0.20 | Jan 13, 2017 | ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet. | |
| CVE-2016-4953 | Hig | 0.50 | 7.5 | 0.14 | Jul 5, 2016 | ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. | |
| CVE-2015-5219 | Hig | 0.49 | 7.5 | 0.02 | Jul 21, 2017 | The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. | |
| CVE-2015-5195 | Hig | 0.49 | 7.5 | 0.08 | Jul 21, 2017 | ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation. | |
| CVE-2015-5194 | Hig | 0.49 | 7.5 | 0.08 | Jul 21, 2017 | The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands. | |
| CVE-2015-7979 | Hig | 0.49 | 7.5 | 0.04 | Jan 30, 2017 | NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client. | |
| CVE-2016-4954 | Hig | 0.49 | 7.5 | 0.05 | Jul 5, 2016 | The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication. | |
| CVE-2016-1548 | Hig | 0.47 | 7.2 | 0.05 | Jan 6, 2017 | An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched. |