Vulnerabilites related to ntp - ntp
Vulnerability from fkie_nvd
Published
2017-03-27 17:59
Modified
2025-04-20 01:37
Severity ?
Summary
The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://support.ntp.org/bin/view/Main/NtpBug3382 | Vendor Advisory | |
| cve@mitre.org | http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/97076 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id/1038123 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://support.apple.com/HT208144 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.ntp.org/bin/view/Main/NtpBug3382 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97076 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038123 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT208144 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.3.0 | |
| ntp | ntp | 4.3.1 | |
| ntp | ntp | 4.3.2 | |
| ntp | ntp | 4.3.3 | |
| ntp | ntp | 4.3.4 | |
| ntp | ntp | 4.3.5 | |
| ntp | ntp | 4.3.6 | |
| ntp | ntp | 4.3.7 | |
| ntp | ntp | 4.3.8 | |
| ntp | ntp | 4.3.9 | |
| ntp | ntp | 4.3.10 | |
| ntp | ntp | 4.3.11 | |
| ntp | ntp | 4.3.12 | |
| ntp | ntp | 4.3.13 | |
| ntp | ntp | 4.3.14 | |
| ntp | ntp | 4.3.15 | |
| ntp | ntp | 4.3.16 | |
| ntp | ntp | 4.3.17 | |
| ntp | ntp | 4.3.18 | |
| ntp | ntp | 4.3.19 | |
| ntp | ntp | 4.3.20 | |
| ntp | ntp | 4.3.21 | |
| ntp | ntp | 4.3.22 | |
| ntp | ntp | 4.3.23 | |
| ntp | ntp | 4.3.24 | |
| ntp | ntp | 4.3.25 | |
| ntp | ntp | 4.3.26 | |
| ntp | ntp | 4.3.27 | |
| ntp | ntp | 4.3.28 | |
| ntp | ntp | 4.3.29 | |
| ntp | ntp | 4.3.30 | |
| ntp | ntp | 4.3.31 | |
| ntp | ntp | 4.3.32 | |
| ntp | ntp | 4.3.33 | |
| ntp | ntp | 4.3.34 | |
| ntp | ntp | 4.3.35 | |
| ntp | ntp | 4.3.36 | |
| ntp | ntp | 4.3.37 | |
| ntp | ntp | 4.3.38 | |
| ntp | ntp | 4.3.39 | |
| ntp | ntp | 4.3.40 | |
| ntp | ntp | 4.3.41 | |
| ntp | ntp | 4.3.42 | |
| ntp | ntp | 4.3.43 | |
| ntp | ntp | 4.3.44 | |
| ntp | ntp | 4.3.45 | |
| ntp | ntp | 4.3.46 | |
| ntp | ntp | 4.3.47 | |
| ntp | ntp | 4.3.48 | |
| ntp | ntp | 4.3.49 | |
| ntp | ntp | 4.3.50 | |
| ntp | ntp | 4.3.51 | |
| ntp | ntp | 4.3.52 | |
| ntp | ntp | 4.3.53 | |
| ntp | ntp | 4.3.54 | |
| ntp | ntp | 4.3.55 | |
| ntp | ntp | 4.3.56 | |
| ntp | ntp | 4.3.57 | |
| ntp | ntp | 4.3.58 | |
| ntp | ntp | 4.3.59 | |
| ntp | ntp | 4.3.60 | |
| ntp | ntp | 4.3.61 | |
| ntp | ntp | 4.3.62 | |
| ntp | ntp | 4.3.63 | |
| ntp | ntp | 4.3.64 | |
| ntp | ntp | 4.3.65 | |
| ntp | ntp | 4.3.66 | |
| ntp | ntp | 4.3.67 | |
| ntp | ntp | 4.3.68 | |
| ntp | ntp | 4.3.69 | |
| ntp | ntp | 4.3.70 | |
| ntp | ntp | 4.3.71 | |
| ntp | ntp | 4.3.72 | |
| ntp | ntp | 4.3.73 | |
| ntp | ntp | 4.3.74 | |
| ntp | ntp | 4.3.75 | |
| ntp | ntp | 4.3.76 | |
| ntp | ntp | 4.3.77 | |
| ntp | ntp | 4.3.78 | |
| ntp | ntp | 4.3.79 | |
| ntp | ntp | 4.3.80 | |
| ntp | ntp | 4.3.81 | |
| ntp | ntp | 4.3.82 | |
| ntp | ntp | 4.3.83 | |
| ntp | ntp | 4.3.84 | |
| ntp | ntp | 4.3.85 | |
| ntp | ntp | 4.3.86 | |
| ntp | ntp | 4.3.87 | |
| ntp | ntp | 4.3.88 | |
| ntp | ntp | 4.3.89 | |
| ntp | ntp | 4.3.90 | |
| ntp | ntp | 4.3.91 | |
| ntp | ntp | 4.3.92 | |
| ntp | ntp | 4.3.93 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*",
"matchCriteriaId": "EE002C76-406D-4F22-B738-E17BDEA70BCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B23D9009-DF45-44C1-80DF-CEEC9B9E3F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43921601-667E-4415-83BE-E5B39D969BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75DD9C02-0C46-4785-8D77-C5465E4ED967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A497BADE-0516-494F-89FA-EAFC6AD17F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4298439A-EAF2-4CAA-990B-4AA37E7A0E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "30E9C822-C04A-4908-9596-76F9FB561206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "842963D1-C78C-48B5-A8D2-BC018854E5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "121ED6C5-8985-4DEF-9040-2AC63582E596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "68499DA4-64EF-412F-A434-8E0F78D77CE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "836C5AC9-463F-4703-81B9-7B5484F47A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FED14811-8F49-4796-BADD-DB7973EC32DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D4EB2830-ADE5-4C87-964E-16748BF88EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8C0284FD-2933-4160-80D2-53B32CD73287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D9AB963A-7284-433F-9890-5AE402E4E000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "EEDEFF7A-D964-4D9A-93BF-41E9D16EA793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9C434153-911C-4F07-ADD0-0EAB47F96E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8183B043-8B96-4A8B-A5C9-544D4F1CED8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE349AB-44CB-4263-80CE-59DFD572B363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB55DF6-567F-4B6A-81E1-9013914416D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "80727B0B-AB5E-46CC-9DDF-F319C2D9B242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "E0755962-2D5F-41E6-9BDB-C2ECBCCD2818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBAADB5-FA32-4CF9-A4B2-51EEA300B0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A202FDAD-D757-4850-9D1E-C31B0F3BA718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A345D7-DFC0-4E0D-AAAB-8206C35F63D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*",
"matchCriteriaId": "C4069EF5-DC7D-4487-8636-AC2EAB17BAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*",
"matchCriteriaId": "73DF3A5C-F1D9-468E-BD08-5E2578898DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*",
"matchCriteriaId": "0858AE44-4B0A-4941-B4A8-937B557D1448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*",
"matchCriteriaId": "979C84FF-CB21-4819-B3CA-1A55FDF20BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*",
"matchCriteriaId": "94709B39-C394-4B44-A362-9429F4CB9D50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2E4526AC-6BCC-43A5-B501-263D0ED0655B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*",
"matchCriteriaId": "E04FF6B4-CD1C-4AC1-B286-D6AB705D680B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAFA0C8-1349-43A4-BDAC-3B5A601B9FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA130B1-DD20-4E98-963F-61E85A09E29E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*",
"matchCriteriaId": "9AAC9B73-5020-47C9-803E-ABB6162AADE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A6B7B5-3AC9-4442-BD91-3783C2B4235C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*",
"matchCriteriaId": "D72F5C09-520B-486C-AD9A-9CBBFE6487CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*",
"matchCriteriaId": "097DED37-D3F3-45C4-B131-1C4294406722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*",
"matchCriteriaId": "85A4F607-0A9D-4F84-B50D-28C54E6EDC06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*",
"matchCriteriaId": "8C689CAF-632A-4FF2-8C86-541EEDD574E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*",
"matchCriteriaId": "7B0ACF5B-BBA9-4B6C-B19D-B8AEF7212781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*",
"matchCriteriaId": "E09C8254-73DC-4AFA-A250-A8192DC917F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*",
"matchCriteriaId": "D344FA12-3C5F-418B-9209-EA8BDD230074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*",
"matchCriteriaId": "D1C3A62A-C6F6-4B2E-A254-CDA12BD34DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*",
"matchCriteriaId": "073A0AFF-C5C6-422E-BD63-2353AA4B58E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*",
"matchCriteriaId": "59B5DA29-4139-405D-8AA8-23FAECBBC5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*",
"matchCriteriaId": "73F4D15D-6D2A-4730-B7CF-21284E92FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*",
"matchCriteriaId": "79A0C6AB-813F-4417-A98E-33FBB7AAB939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "815ABF0E-ED94-4426-8889-D3C2AECACC26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*",
"matchCriteriaId": "894612F1-8C51-4F66-AFE7-D8077F63E562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*",
"matchCriteriaId": "63FD3D1E-08F8-4C7F-876C-47E88386B83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*",
"matchCriteriaId": "9C068E27-A3DD-4FD2-81FB-2CFEC3C047CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*",
"matchCriteriaId": "E21A12E6-0802-4BDC-AF71-50D7D0433B87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7EE44A-7D8B-41A5-82A6-04AEE50278CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*",
"matchCriteriaId": "6862529A-1AE5-4E2D-A4B0-E351D1900C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*",
"matchCriteriaId": "4C6B6711-0F75-4FEA-8917-04391FC9D378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC0249C-3CFC-4CD3-9481-9F6BE1FC5E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE639D9-0B1E-4DFB-B275-D11665FDA4AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*",
"matchCriteriaId": "B35E9C41-0F2A-4790-B996-8EC00FA863F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*",
"matchCriteriaId": "28BAB268-3A70-4422-9C6C-49E6453D750D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*",
"matchCriteriaId": "9A5960F1-DDA9-4885-952F-450EC00B5C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*",
"matchCriteriaId": "E725D449-BBC2-40E3-BF53-D9BF7B4F57D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*",
"matchCriteriaId": "B10975CB-56EB-44D0-BDEF-60484B6BD85E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE56C0F-0AF4-45CF-ACA2-0E583BBB3187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*",
"matchCriteriaId": "16A4A1AC-ED08-4EFE-A826-1BB1B5CAB34E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*",
"matchCriteriaId": "BF9D7AD6-6BDB-4519-B9F8-3181E21850FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*",
"matchCriteriaId": "B061FF9A-0D00-429D-9B2F-14EEA41E7A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CB0260-2A96-41A8-81A0-8E9722B22D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*",
"matchCriteriaId": "AE037065-9E33-4A5A-8188-1F086D7BE394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*",
"matchCriteriaId": "70200031-5902-416D-A140-DC2CDFDAF683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*",
"matchCriteriaId": "575C5F15-2C16-4B39-A718-1641DDD88F84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*",
"matchCriteriaId": "9E7BFD7E-9B3F-4D63-BEBC-16F22DA6F8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*",
"matchCriteriaId": "42631437-772B-45E0-A1F3-5D9E2FC77D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*",
"matchCriteriaId": "CA9E62EF-E21F-421F-9A57-54A551CEC441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*",
"matchCriteriaId": "871E046E-013A-4E10-9457-4D1F407519EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E4B06F-AD55-4D61-B966-B38B854C0A75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*",
"matchCriteriaId": "19817731-42C2-4745-88F2-D27258FC7DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*",
"matchCriteriaId": "77479EEE-F81B-4653-8FAD-0AFBA3C71B09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*",
"matchCriteriaId": "0208619E-9179-46D9-8E47-6CB5B4046DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*",
"matchCriteriaId": "6FBAE2A2-B7CB-45F6-A84C-5B9B742A0B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC16904-03FC-42B2-89F0-CA0D59A5FB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*",
"matchCriteriaId": "4E3980D1-54F1-4C2F-B140-B2F18D8958A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*",
"matchCriteriaId": "0C845718-520A-42CB-9BA7-00723694A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB7BF51-DD1A-41E1-B5E5-02A6BADC30DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*",
"matchCriteriaId": "431DA557-0977-43C2-8DEF-127B1BAA9F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*",
"matchCriteriaId": "733C0A5D-3A0A-4449-9DE0-BD06D4942799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E5DAD5-465A-4A53-856A-1F674723EB00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.90:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FE37F4-C8E6-42CC-A799-563637F6B85A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.91:*:*:*:*:*:*:*",
"matchCriteriaId": "72F9DD05-E521-45D3-994E-0400DA0070BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.92:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DA733E-A2BB-4F72-BE9A-AF1ADD1881A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.93:*:*:*:*:*:*:*",
"matchCriteriaId": "816E4E2B-7E33-49A0-85E1-EF1755F6BB45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes."
},
{
"lang": "es",
"value": "El instalador de Windows para NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 permite a usuarios locales tener un impacto no especificado a trav\u00e9s de vectores relacionados con un argumento con m\u00faltiples bytes nulos."
}
],
"id": "CVE-2017-6459",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-27T17:59:00.663",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3382"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97076"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"source": "cve@mitre.org",
"url": "https://support.apple.com/HT208144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT208144"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-04-08 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E538FCAE-3E2C-4EA8-A74F-ABF47652C15C",
"versionEndIncluding": "4.2.7p444",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC."
},
{
"lang": "es",
"value": "La caracter\u00edstica symmetric-key en la funci\u00f3n receive en ntp_proto.c en ntpd en NTP 4.x anterior a 4.2.8p2 requiere un MAC correcto \u00fanicamente si el campo MAC tiene una longitud que no sea cero, lo que facilita a atacantes man-in-the-middle falsificar paquetes mediante la omisi\u00f3n del MAC."
}
],
"id": "CVE-2015-1798",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.2,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-04-08T10:59:04.610",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2779"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155863.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155864.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00052.html"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=bugtraq\u0026m=143213867103400\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=bugtraq\u0026m=143213867103400\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"source": "secalert@redhat.com",
"url": "http://support.apple.com/kb/HT204942"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"source": "secalert@redhat.com",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd"
},
{
"source": "secalert@redhat.com",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38276"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2015/dsa-3223"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/374268"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:202"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/73951"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1032032"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2567-1"
},
{
"source": "secalert@redhat.com",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10114"
},
{
"source": "secalert@redhat.com",
"url": "https://security.gentoo.org/glsa/201509-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2779"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155863.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155864.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00052.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=143213867103400\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=143213867103400\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT204942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/374268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/73951"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2567-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201509-01"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-17"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-06 20:29
Modified
2024-11-21 04:11
Severity ?
Summary
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*",
"matchCriteriaId": "0BC62D4E-D519-458C-BE4E-10DDB73A97D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
"matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
"matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*",
"matchCriteriaId": "F12E4CF5-536C-416B-AD8D-6AE7CBE22C71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*",
"matchCriteriaId": "EE002C76-406D-4F22-B738-E17BDEA70BCC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10."
},
{
"lang": "es",
"value": "el m\u00e9todo ctl_getitem en ntpd en ntp, en versiones 4.2.8p6 anteriores a la 4.2.8p11 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) mediante un paquete mode 6 manipulado con una instancia ntpd desde la versi\u00f3n 4.2.8p6 hasta la 4.2.8p10."
}
],
"id": "CVE-2018-7182",
"lastModified": "2024-11-21T04:11:44.437",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-06T20:29:01.377",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3412"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103191"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201805-12"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
},
{
"source": "cve@mitre.org",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3707-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45846/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201805-12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3707-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45846/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-07 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C240BAAB-8C12-4501-9DC6-FB877304E908",
"versionEndExcluding": "4.2.8",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79494F07-6081-497D-8A2D-B05486599EAE",
"versionEndExcluding": "4.3.77",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
"matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "212E1878-1B9A-4CB4-A1CE-EAD60B867161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*",
"matchCriteriaId": "95B173E0-1475-4F8D-A982-86F36BE3DD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FED6CAE-D97F-49E0-9D00-1642A3A427B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*",
"matchCriteriaId": "392A1364-2739-450D-9E19-DFF93081C2C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "21690BAC-2129-4A33-9B48-1F3BF30072A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750."
},
{
"lang": "es",
"value": "La funci\u00f3n crypto_xmit en ntpd en NTP 4.2.x en versiones anteriores a 4.2.8p4, y 4.3.x en versiones anteriores a 4.3.77 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2014-9750."
}
],
"id": "CVE-2015-7702",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-07T20:29:00.653",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2899"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77286"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77286"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-05 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| ntp | ntp | * | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| oracle | solaris | 10 | |
| oracle | solaris | 11.3 | |
| suse | manager | 2.1 | |
| suse | manager_proxy | 2.1 | |
| suse | openstack_cloud | 5 | |
| opensuse | leap | 42.1 | |
| opensuse | opensuse | 13.2 | |
| suse | linux_enterprise_desktop | 12 | |
| suse | linux_enterprise_server | 11 | |
| suse | linux_enterprise_server | 11 | |
| suse | linux_enterprise_server | 11 | |
| suse | linux_enterprise_server | 12 | |
| siemens | simatic_net_cp_443-1_opc_ua_firmware | * | |
| siemens | simatic_net_cp_443-1_opc_ua | - | |
| siemens | tim_4r-ie_firmware | * | |
| siemens | tim_4r-ie | - | |
| siemens | tim_4r-ie_dnp3_firmware | * | |
| siemens | tim_4r-ie_dnp3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C240BAAB-8C12-4501-9DC6-FB877304E908",
"versionEndExcluding": "4.2.8",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "863751A2-A97F-47CD-8D57-6D60E6F3593D",
"versionEndExcluding": "4.3.93",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
"matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*",
"matchCriteriaId": "75A9AA28-1B20-44BB-815C-7294A53E910E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
"matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
"matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*",
"matchCriteriaId": "964B57CD-CB8A-4520-B358-1C93EC5EF2DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:suse:manager:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4EEF7C-CC33-4494-8531-7C0CC28A8823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBED083-B935-4C47-BBDA-F39D8EA277ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:suse:openstack_cloud:5:*:*:*:*:*:*:*",
"matchCriteriaId": "BD6136E8-74DE-48AF-A8AB-B0E93D34870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
"matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
"matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
"matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_net_cp_443-1_opc_ua_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22EFD09A-3D77-47B0-93FB-50F6C13A2F9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_net_cp_443-1_opc_ua:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F488810-73E3-4475-975A-C2FCA037E78B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:tim_4r-ie_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0730ED6-676B-4200-BC07-C0B4531B242C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:tim_4r-ie:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B87B16C-9E9F-448B-9255-B2BB2B8CAD63",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:tim_4r-ie_dnp3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E16E82E3-9A85-41A4-8A33-12AE45A1B584",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:tim_4r-ie_dnp3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE27728D-D37B-43FC-BA8A-0E930DDBD10B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication."
},
{
"lang": "es",
"value": "La funci\u00f3n process_packet en ntp_proto.c en ntpd en NTP 4.x en versiones anteriores a 4.2.8p8 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (modificaci\u00f3n de par variable) enviando paquetes falsificados desde muchas direcciones IP de origen en un determinado escenario, seg\u00fan lo demostrado desencadenando una indicaci\u00f3n de salto incorrecta."
}
],
"id": "CVE-2016-4954",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-05T01:59:01.267",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://bugs.ntp.org/3044"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3044"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"source": "cve@mitre.org",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/321640"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036037"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"source": "cve@mitre.org",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"source": "cve@mitre.org",
"url": "https://www.kb.cert.org/vuls/id/321640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://bugs.ntp.org/3044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/321640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.kb.cert.org/vuls/id/321640"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-15 16:29
Modified
2024-11-21 04:50
Severity ?
Summary
NTP through 4.2.8p12 has a NULL Pointer Dereference.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netapp | clustered_data_ontap | * | |
| netapp | data_ontap | - | |
| fedoraproject | fedora | 28 | |
| fedoraproject | fedora | 29 | |
| fedoraproject | fedora | 30 | |
| opensuse | leap | 15.0 | |
| opensuse | leap | 42.3 | |
| hpe | hpux-ntp | * | |
| ntp | ntp | * | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C68F28EC-4283-4A8D-83CD-E69B2A85B0C4",
"versionEndExcluding": "9.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*",
"matchCriteriaId": "392A1364-2739-450D-9E19-DFF93081C2C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
"matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hpe:hpux-ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A1FDA7-BE46-4FAB-A3FD-9A40C770C4AB",
"versionEndExcluding": "c.4.2.8.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CED3C1F7-6FFA-44D1-BC56-2BB1963F3B9F",
"versionEndExcluding": "4.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*",
"matchCriteriaId": "0BC62D4E-D519-458C-BE4E-10DDB73A97D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p11:*:*:*:*:*:*",
"matchCriteriaId": "1C420117-862A-41A9-BAE8-8B3478FAEBC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p12:*:*:*:*:*:*",
"matchCriteriaId": "4A484251-3220-498C-83FE-A04B013A31A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
"matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*",
"matchCriteriaId": "75A9AA28-1B20-44BB-815C-7294A53E910E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
"matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
"matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*",
"matchCriteriaId": "F12E4CF5-536C-416B-AD8D-6AE7CBE22C71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*",
"matchCriteriaId": "EE002C76-406D-4F22-B738-E17BDEA70BCC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NTP through 4.2.8p12 has a NULL Pointer Dereference."
},
{
"lang": "es",
"value": "NTP hasta 4.2.8p12 tiene una desreferencia del puntero NULL."
}
],
"id": "CVE-2019-8936",
"lastModified": "2024-11-21T04:50:41.733",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-15T16:29:01.223",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=3565"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00032.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00036.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NVS2CSG2TQ663CXOZZUJN4STQPMENNP/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBGXY7OKWOLT6X6JAPVZRFEP4FLCGGST/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQDNHNYOJK2SRSGO23GQ2RXTOUY2HLNN/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/May/39"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:04.ntp.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201903-15"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190503-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K61363039"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4563-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=3565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00036.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NVS2CSG2TQ663CXOZZUJN4STQPMENNP/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBGXY7OKWOLT6X6JAPVZRFEP4FLCGGST/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQDNHNYOJK2SRSGO23GQ2RXTOUY2HLNN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/May/39"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:04.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201903-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190503-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K61363039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4563-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-07 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C240BAAB-8C12-4501-9DC6-FB877304E908",
"versionEndExcluding": "4.2.8",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79494F07-6081-497D-8A2D-B05486599EAE",
"versionEndExcluding": "4.3.77",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
"matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "212E1878-1B9A-4CB4-A1CE-EAD60B867161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*",
"matchCriteriaId": "95B173E0-1475-4F8D-A982-86F36BE3DD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FED6CAE-D97F-49E0-9D00-1642A3A427B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*",
"matchCriteriaId": "392A1364-2739-450D-9E19-DFF93081C2C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "21690BAC-2129-4A33-9B48-1F3BF30072A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750."
},
{
"lang": "es",
"value": "La funci\u00f3n crypto_xmit en ntpd en NTP 4.2.x en versiones anteriores a 4.2.8p4, y 4.3.x en versiones anteriores a 4.3.77 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2014-9750."
}
],
"id": "CVE-2015-7692",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-07T20:29:00.573",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2899"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77285"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274254"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-24 14:29
Modified
2025-04-20 01:37
Severity ?
Summary
The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C240BAAB-8C12-4501-9DC6-FB877304E908",
"versionEndExcluding": "4.2.8",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79494F07-6081-497D-8A2D-B05486599EAE",
"versionEndExcluding": "4.3.77",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
"matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "212E1878-1B9A-4CB4-A1CE-EAD60B867161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*",
"matchCriteriaId": "95B173E0-1475-4F8D-A982-86F36BE3DD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FED6CAE-D97F-49E0-9D00-1642A3A427B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*",
"matchCriteriaId": "392A1364-2739-450D-9E19-DFF93081C2C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "21690BAC-2129-4A33-9B48-1F3BF30072A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The \"pidfile\" or \"driftfile\" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command."
},
{
"lang": "es",
"value": "Las directivas \"pidfile\" o \"driftfile\" en NTP ntpd versi\u00f3n 4.2.x anterior a 4.2.8p4, y versi\u00f3n 4.3.x anterior a 4.3.77, cuando ntpd est\u00e1 configurado para permitir la configuraci\u00f3n remota, permite a los atacantes remotos con una direcci\u00f3n IP que puede enviar peticiones de configuraci\u00f3n y con el conocimiento de la contrase\u00f1a de configuraci\u00f3n remota, escribir en archivos arbitrarios mediante el comando :config."
}
],
"id": "CVE-2015-7703",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-24T14:29:00.223",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2902"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77278"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1254547"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2902"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77278"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1254547"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-01-07 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94D9BEE4-25C2-4147-B075-50F46113F59E",
"versionEndIncluding": "4.2.4p4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "088BFFA4-1AAB-4699-9793-F731A81B296A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3475779-383A-4128-9145-474EC08030FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "B980A178-2958-4B36-8AD8-3932B12C5A72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.4p2:*:*:*:*:*:*:*",
"matchCriteriaId": "5D65210A-F80E-4019-91DA-49838369E03F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.4p3:*:*:*:*:*:*:*",
"matchCriteriaId": "29FAB224-3493-4273-A655-10BE44F5B5BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077."
},
{
"lang": "es",
"value": "NTP versiones 4.2.4 anteriores a 4.2.4p5 y versiones 4.2.5 anteriores a 4.2.5p150, no comprueba apropiadamente el valor devuelto de la funci\u00f3n EVP_VerifyFinal de OpenSSL, que permite a los atacantes remotos omitir la comprobaci\u00f3n de la cadena de certificados por medio de una firma de SSL/TLS malformada para las claves DSA y ECDSA, una vulnerabilidad similar a CVE-2008-5077."
}
],
"evaluatorComment": "Note that versions 4.2.5 before 4.2.5p150 are development versions and not production versions. Development versions are not included in the CPE configuration for CVEs.",
"id": "CVE-2009-0021",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-01-07T17:30:00.360",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33406"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33558"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33648"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34642"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35074"
},
{
"source": "secalert@redhat.com",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.531177"
},
{
"source": "secalert@redhat.com",
"url": "http://support.apple.com/kb/HT3549"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ocert.org/advisories/ocert-2008-016.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0046.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/499827/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1021533"
},
{
"source": "secalert@redhat.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0042"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.ntp.org/pipermail/announce/2009-January/000055.html"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.531177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ocert.org/advisories/ocert-2008-016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0046.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/499827/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021533"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.ntp.org/pipermail/announce/2009-January/000055.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10035"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-27 17:59
Modified
2025-04-20 01:37
Severity ?
Summary
ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock's peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntpsec:ntpsec:a5fb34b9cc89b92a8fef2f459004865c93bb7f92:*:*:*:*:*:*:*",
"matchCriteriaId": "5765FE6F-2E10-4712-8FD7-EA982572FB17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock\u0027s peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker."
},
{
"lang": "es",
"value": "ntpd en NTP 4.2.8p3 y NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 conf\u00eda en el sistema operativo subyacente para protegerlo de las solicitudes que suplantan relojes de referencia. Debido a que los relojes de referencia son tratados como otros pares y almacenados en la misma estructura, cualquier paquete con una direcci\u00f3n IP de origen de un reloj de referencia (127.127.1.1 por ejemplo) que alcance la funci\u00f3n receive() coincidir\u00e1 con el registro de par de referencia clock\u0027s y ser\u00e1 tratado como un par de confianza. Cualquier sistema que carezca del t\u00edpico filtrado de paquetes marcianos que bloquear\u00eda estos paquetes est\u00e1 en peligro de tener su tiempo controlado por un atacante."
}
],
"id": "CVE-2016-1551",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-27T17:59:00.227",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/88219"
},
{
"source": "cret@cert.org",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0132/"
},
{
"source": "cret@cert.org",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"source": "cret@cert.org",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cret@cert.org",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/88219"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0132/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-254"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-07 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| ntp | ntp | * | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| netapp | oncommand_balance | - | |
| netapp | oncommand_performance_manager | - | |
| netapp | oncommand_unified_manager | - | |
| netapp | clustered_data_ontap | - | |
| netapp | data_ontap | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C240BAAB-8C12-4501-9DC6-FB877304E908",
"versionEndExcluding": "4.2.8",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79494F07-6081-497D-8A2D-B05486599EAE",
"versionEndExcluding": "4.3.77",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "212E1878-1B9A-4CB4-A1CE-EAD60B867161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*",
"matchCriteriaId": "95B173E0-1475-4F8D-A982-86F36BE3DD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FED6CAE-D97F-49E0-9D00-1642A3A427B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*",
"matchCriteriaId": "392A1364-2739-450D-9E19-DFF93081C2C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets."
},
{
"lang": "es",
"value": "Una vulnerabilidad use-after-free en ntpd en NTP 4.2.x en versiones anteriores a la 4.2.8p4, y 4.3.x en versiones anteriores a la 4.3.77 permite que atacantes remotos autenticados tengan la posibilidad de ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio utilizando paquetes manipulados."
}
],
"id": "CVE-2015-7849",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-07T20:29:00.777",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2916"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77276"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274257"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-18 22:29
Modified
2024-11-21 04:20
Severity ?
Summary
Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07C904EB-F926-42EC-8AE1-FC2A3BF4FD66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks."
},
{
"lang": "es",
"value": "Network Time Protocol (NTP), tal y como se especifica en el RFC 5905, utiliza el puerto 123 incluso para los modos en los que no se requiere un n\u00famero de puerto fijo, lo que facilita a los atacantes remotos la realizaci\u00f3n de ataques fuera de ruta."
}
],
"id": "CVE-2019-11331",
"lastModified": "2024-11-21T04:20:54.057",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-18T22:29:00.517",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/108010"
},
{
"source": "cve@mitre.org",
"url": "https://support.f5.com/csp/article/K09940637"
},
{
"source": "cve@mitre.org",
"url": "https://support.f5.com/csp/article/K09940637?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.ietf.org/html/draft-gont-ntp-port-randomization-00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/108010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K09940637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K09940637?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.ietf.org/html/draft-gont-ntp-port-randomization-00"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-30 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| ntp | ntp | 4.3.0 | |
| ntp | ntp | 4.3.1 | |
| ntp | ntp | 4.3.2 | |
| ntp | ntp | 4.3.3 | |
| ntp | ntp | 4.3.4 | |
| ntp | ntp | 4.3.5 | |
| ntp | ntp | 4.3.6 | |
| ntp | ntp | 4.3.7 | |
| ntp | ntp | 4.3.8 | |
| ntp | ntp | 4.3.10 | |
| ntp | ntp | 4.3.11 | |
| ntp | ntp | 4.3.12 | |
| ntp | ntp | 4.3.13 | |
| ntp | ntp | 4.3.14 | |
| ntp | ntp | 4.3.15 | |
| ntp | ntp | 4.3.16 | |
| ntp | ntp | 4.3.17 | |
| ntp | ntp | 4.3.18 | |
| ntp | ntp | 4.3.19 | |
| ntp | ntp | 4.3.20 | |
| ntp | ntp | 4.3.21 | |
| ntp | ntp | 4.3.22 | |
| ntp | ntp | 4.3.23 | |
| ntp | ntp | 4.3.24 | |
| ntp | ntp | 4.3.25 | |
| ntp | ntp | 4.3.26 | |
| ntp | ntp | 4.3.27 | |
| ntp | ntp | 4.3.28 | |
| ntp | ntp | 4.3.29 | |
| ntp | ntp | 4.3.30 | |
| ntp | ntp | 4.3.31 | |
| ntp | ntp | 4.3.32 | |
| ntp | ntp | 4.3.33 | |
| ntp | ntp | 4.3.34 | |
| ntp | ntp | 4.3.35 | |
| ntp | ntp | 4.3.36 | |
| ntp | ntp | 4.3.37 | |
| ntp | ntp | 4.3.38 | |
| ntp | ntp | 4.3.39 | |
| ntp | ntp | 4.3.40 | |
| ntp | ntp | 4.3.41 | |
| ntp | ntp | 4.3.42 | |
| ntp | ntp | 4.3.43 | |
| ntp | ntp | 4.3.44 | |
| ntp | ntp | 4.3.45 | |
| ntp | ntp | 4.3.46 | |
| ntp | ntp | 4.3.47 | |
| ntp | ntp | 4.3.48 | |
| ntp | ntp | 4.3.49 | |
| ntp | ntp | 4.3.50 | |
| ntp | ntp | 4.3.51 | |
| ntp | ntp | 4.3.52 | |
| ntp | ntp | 4.3.53 | |
| ntp | ntp | 4.3.54 | |
| ntp | ntp | 4.3.55 | |
| ntp | ntp | 4.3.56 | |
| ntp | ntp | 4.3.57 | |
| ntp | ntp | 4.3.58 | |
| ntp | ntp | 4.3.59 | |
| ntp | ntp | 4.3.60 | |
| ntp | ntp | 4.3.61 | |
| ntp | ntp | 4.3.62 | |
| ntp | ntp | 4.3.63 | |
| ntp | ntp | 4.3.64 | |
| ntp | ntp | 4.3.65 | |
| ntp | ntp | 4.3.66 | |
| ntp | ntp | 4.3.67 | |
| ntp | ntp | 4.3.68 | |
| ntp | ntp | 4.3.69 | |
| ntp | ntp | 4.3.70 | |
| ntp | ntp | 4.3.71 | |
| ntp | ntp | 4.3.72 | |
| ntp | ntp | 4.3.73 | |
| ntp | ntp | 4.3.74 | |
| ntp | ntp | 4.3.75 | |
| ntp | ntp | 4.3.76 | |
| ntp | ntp | 4.3.77 | |
| ntp | ntp | 4.3.78 | |
| ntp | ntp | 4.3.79 | |
| ntp | ntp | 4.3.80 | |
| ntp | ntp | 4.3.81 | |
| ntp | ntp | 4.3.82 | |
| ntp | ntp | 4.3.83 | |
| ntp | ntp | 4.3.84 | |
| ntp | ntp | 4.3.85 | |
| ntp | ntp | 4.3.86 | |
| ntp | ntp | 4.3.87 | |
| ntp | ntp | 4.3.88 | |
| ntp | ntp | 4.3.89 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:p5:*:*:*:*:*:*",
"matchCriteriaId": "99442254-E77A-43F7-8A9B-FC918AC336A6",
"versionEndIncluding": "4.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B23D9009-DF45-44C1-80DF-CEEC9B9E3F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43921601-667E-4415-83BE-E5B39D969BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75DD9C02-0C46-4785-8D77-C5465E4ED967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A497BADE-0516-494F-89FA-EAFC6AD17F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4298439A-EAF2-4CAA-990B-4AA37E7A0E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "30E9C822-C04A-4908-9596-76F9FB561206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "121ED6C5-8985-4DEF-9040-2AC63582E596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "68499DA4-64EF-412F-A434-8E0F78D77CE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "836C5AC9-463F-4703-81B9-7B5484F47A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FED14811-8F49-4796-BADD-DB7973EC32DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D4EB2830-ADE5-4C87-964E-16748BF88EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8C0284FD-2933-4160-80D2-53B32CD73287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D9AB963A-7284-433F-9890-5AE402E4E000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "EEDEFF7A-D964-4D9A-93BF-41E9D16EA793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9C434153-911C-4F07-ADD0-0EAB47F96E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8183B043-8B96-4A8B-A5C9-544D4F1CED8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE349AB-44CB-4263-80CE-59DFD572B363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB55DF6-567F-4B6A-81E1-9013914416D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "80727B0B-AB5E-46CC-9DDF-F319C2D9B242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "E0755962-2D5F-41E6-9BDB-C2ECBCCD2818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBAADB5-FA32-4CF9-A4B2-51EEA300B0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A202FDAD-D757-4850-9D1E-C31B0F3BA718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A345D7-DFC0-4E0D-AAAB-8206C35F63D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*",
"matchCriteriaId": "C4069EF5-DC7D-4487-8636-AC2EAB17BAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*",
"matchCriteriaId": "73DF3A5C-F1D9-468E-BD08-5E2578898DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*",
"matchCriteriaId": "0858AE44-4B0A-4941-B4A8-937B557D1448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*",
"matchCriteriaId": "979C84FF-CB21-4819-B3CA-1A55FDF20BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*",
"matchCriteriaId": "94709B39-C394-4B44-A362-9429F4CB9D50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2E4526AC-6BCC-43A5-B501-263D0ED0655B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*",
"matchCriteriaId": "E04FF6B4-CD1C-4AC1-B286-D6AB705D680B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAFA0C8-1349-43A4-BDAC-3B5A601B9FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA130B1-DD20-4E98-963F-61E85A09E29E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*",
"matchCriteriaId": "9AAC9B73-5020-47C9-803E-ABB6162AADE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A6B7B5-3AC9-4442-BD91-3783C2B4235C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*",
"matchCriteriaId": "D72F5C09-520B-486C-AD9A-9CBBFE6487CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*",
"matchCriteriaId": "097DED37-D3F3-45C4-B131-1C4294406722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*",
"matchCriteriaId": "85A4F607-0A9D-4F84-B50D-28C54E6EDC06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*",
"matchCriteriaId": "8C689CAF-632A-4FF2-8C86-541EEDD574E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*",
"matchCriteriaId": "7B0ACF5B-BBA9-4B6C-B19D-B8AEF7212781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*",
"matchCriteriaId": "E09C8254-73DC-4AFA-A250-A8192DC917F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*",
"matchCriteriaId": "D344FA12-3C5F-418B-9209-EA8BDD230074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*",
"matchCriteriaId": "D1C3A62A-C6F6-4B2E-A254-CDA12BD34DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*",
"matchCriteriaId": "073A0AFF-C5C6-422E-BD63-2353AA4B58E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*",
"matchCriteriaId": "59B5DA29-4139-405D-8AA8-23FAECBBC5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*",
"matchCriteriaId": "73F4D15D-6D2A-4730-B7CF-21284E92FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*",
"matchCriteriaId": "79A0C6AB-813F-4417-A98E-33FBB7AAB939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "815ABF0E-ED94-4426-8889-D3C2AECACC26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*",
"matchCriteriaId": "894612F1-8C51-4F66-AFE7-D8077F63E562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*",
"matchCriteriaId": "63FD3D1E-08F8-4C7F-876C-47E88386B83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*",
"matchCriteriaId": "9C068E27-A3DD-4FD2-81FB-2CFEC3C047CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*",
"matchCriteriaId": "E21A12E6-0802-4BDC-AF71-50D7D0433B87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7EE44A-7D8B-41A5-82A6-04AEE50278CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*",
"matchCriteriaId": "6862529A-1AE5-4E2D-A4B0-E351D1900C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*",
"matchCriteriaId": "4C6B6711-0F75-4FEA-8917-04391FC9D378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC0249C-3CFC-4CD3-9481-9F6BE1FC5E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE639D9-0B1E-4DFB-B275-D11665FDA4AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*",
"matchCriteriaId": "B35E9C41-0F2A-4790-B996-8EC00FA863F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*",
"matchCriteriaId": "28BAB268-3A70-4422-9C6C-49E6453D750D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*",
"matchCriteriaId": "9A5960F1-DDA9-4885-952F-450EC00B5C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*",
"matchCriteriaId": "E725D449-BBC2-40E3-BF53-D9BF7B4F57D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*",
"matchCriteriaId": "B10975CB-56EB-44D0-BDEF-60484B6BD85E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE56C0F-0AF4-45CF-ACA2-0E583BBB3187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*",
"matchCriteriaId": "16A4A1AC-ED08-4EFE-A826-1BB1B5CAB34E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*",
"matchCriteriaId": "BF9D7AD6-6BDB-4519-B9F8-3181E21850FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*",
"matchCriteriaId": "B061FF9A-0D00-429D-9B2F-14EEA41E7A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CB0260-2A96-41A8-81A0-8E9722B22D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*",
"matchCriteriaId": "AE037065-9E33-4A5A-8188-1F086D7BE394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*",
"matchCriteriaId": "70200031-5902-416D-A140-DC2CDFDAF683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*",
"matchCriteriaId": "575C5F15-2C16-4B39-A718-1641DDD88F84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*",
"matchCriteriaId": "9E7BFD7E-9B3F-4D63-BEBC-16F22DA6F8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*",
"matchCriteriaId": "42631437-772B-45E0-A1F3-5D9E2FC77D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*",
"matchCriteriaId": "CA9E62EF-E21F-421F-9A57-54A551CEC441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*",
"matchCriteriaId": "871E046E-013A-4E10-9457-4D1F407519EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E4B06F-AD55-4D61-B966-B38B854C0A75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*",
"matchCriteriaId": "19817731-42C2-4745-88F2-D27258FC7DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*",
"matchCriteriaId": "77479EEE-F81B-4653-8FAD-0AFBA3C71B09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*",
"matchCriteriaId": "0208619E-9179-46D9-8E47-6CB5B4046DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*",
"matchCriteriaId": "6FBAE2A2-B7CB-45F6-A84C-5B9B742A0B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC16904-03FC-42B2-89F0-CA0D59A5FB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*",
"matchCriteriaId": "4E3980D1-54F1-4C2F-B140-B2F18D8958A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*",
"matchCriteriaId": "0C845718-520A-42CB-9BA7-00723694A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB7BF51-DD1A-41E1-B5E5-02A6BADC30DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*",
"matchCriteriaId": "431DA557-0977-43C2-8DEF-127B1BAA9F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*",
"matchCriteriaId": "733C0A5D-3A0A-4449-9DE0-BD06D4942799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E5DAD5-465A-4A53-856A-1F674723EB00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values."
},
{
"lang": "es",
"value": "La funci\u00f3n getresponse en ntpq en NTP versiones anteriores a 4.2.8p9 y 4.3.x en versiones anteriores a 4.3.90 permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito) a trav\u00e9s de paquetes creados con valores incorrectos."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/835.html\"\u003eCWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)\u003c/a\u003e",
"id": "CVE-2015-8158",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-30T21:59:00.973",
"references": [
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2948"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/81814"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1034782"
},
{
"source": "cve@mitre.org",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"source": "cve@mitre.org",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"source": "cve@mitre.org",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/81814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-30 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:p6:*:*:*:*:*:*",
"matchCriteriaId": "E2CF4922-E481-4C5B-9A34-F439D9C727FE",
"versionEndIncluding": "4.2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors."
},
{
"lang": "es",
"value": "ntpq en NTP en versiones anteriores a 4.2.8p7 permite a atacantes remotos obtener timestamps de origen y luego suplantar a sus pares a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-8139",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-30T21:59:00.830",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2946"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/82105"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
},
{
"source": "cve@mitre.org",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20200204-0003/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/82105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20200204-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-24 19:15
Modified
2024-11-21 05:04
Severity ?
4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| opensuse | leap | 15.1 | |
| opensuse | leap | 15.2 | |
| netapp | cloud_backup | - | |
| netapp | steelstore_cloud_integrated_storage | - | |
| netapp | 8300_firmware | - | |
| netapp | 8300 | - | |
| netapp | 8700_firmware | - | |
| netapp | 8700 | - | |
| netapp | a400_firmware | - | |
| netapp | a400 | - | |
| netapp | h410c_firmware | - | |
| netapp | h410c | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h300e_firmware | - | |
| netapp | h300e | - | |
| netapp | h500e_firmware | - | |
| netapp | h500e | - | |
| netapp | h700e_firmware | - | |
| netapp | h700e | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| oracle | zfs_storage_appliance_kit | 8.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE2AD7F7-3409-42C7-B52F-2167267DBA93",
"versionEndExcluding": "4.3.101",
"versionStartIncluding": "4.3.97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p11:*:*:*:*:*:*",
"matchCriteriaId": "1C420117-862A-41A9-BAE8-8B3478FAEBC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p12:*:*:*:*:*:*",
"matchCriteriaId": "4A484251-3220-498C-83FE-A04B013A31A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p13:*:*:*:*:*:*",
"matchCriteriaId": "E0CE4157-852B-42ED-A77C-8A17B189432E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p14:*:*:*:*:*:*",
"matchCriteriaId": "723EDAFC-9108-49F8-B8A3-1ED8E7BB9FE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:8300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E73901F-666D-4D8B-BDFD-93DD2F70C74B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:8300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0FD5AED-42CF-4918-B32C-D675738EF15C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:8700_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34B25BEF-8708-4E2C-8BA6-EBCD5267EB04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:8700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE0F11D2-B5D9-46B4-BFC5-C86BC87D516A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:a400_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04E3BD77-8915-4FFC-8483-5DB5D610F829",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:a400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97E94ECB-BB51-4364-BEDD-8648C193196F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file."
},
{
"lang": "es",
"value": "ntpd en ntp versi\u00f3n 4.2.8 versiones anteriores a 4.2.8p15 y versiones 4.3.x anteriores a 4.3.101, permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de la memoria) mediante el env\u00edo de paquetes, porque la memoria no es liberada en situaciones donde se usa una clave CMAC y est\u00e1 asociada con un algoritmo CMAC en el archivo ntp.keys"
}
],
"id": "CVE-2020-15025",
"lastModified": "2024-11-21T05:04:38.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-24T19:15:10.147",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.gentoo.org/729458"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-12"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200702-0002/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.ntp.org/bin/view/Main/NtpBug3661"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.gentoo.org/729458"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200702-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.ntp.org/bin/view/Main/NtpBug3661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-11 21:15
Modified
2025-02-11 21:15
Severity ?
6.4 (Medium) - CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.4 (Medium) - CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.4 (Medium) - CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p15:*:*:*:*:*:*",
"matchCriteriaId": "D300A755-9809-4469-8C08-20CB451C83A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver."
}
],
"id": "CVE-2023-26555",
"lastModified": "2025-02-11T21:15:11.330",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-11T21:15:21.830",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26555"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506546409"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY2SVYH4MKPAXEYHCCXD3Z6VGINLSVHK/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3VHEHHWCTYSB7HVJLYPVK4RPJZ5LX52/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26555"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506546409"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY2SVYH4MKPAXEYHCCXD3Z6VGINLSVHK/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3VHEHHWCTYSB7HVJLYPVK4RPJZ5LX52/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-27 17:59
Modified
2025-04-20 01:37
Severity ?
Summary
Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| ntp | ntp | * | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| hpe | hpux-ntp | * | |
| apple | mac_os_x | * | |
| siemens | simatic_net_cp_443-1_opc_ua_firmware | * | |
| siemens | simatic_net_cp_443-1_opc_ua | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CED3C1F7-6FFA-44D1-BC56-2BB1963F3B9F",
"versionEndExcluding": "4.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3505DE7A-B365-4455-A7BC-474019426C46",
"versionEndExcluding": "4.3.94",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
"matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*",
"matchCriteriaId": "75A9AA28-1B20-44BB-815C-7294A53E910E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
"matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
"matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*",
"matchCriteriaId": "F12E4CF5-536C-416B-AD8D-6AE7CBE22C71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*",
"matchCriteriaId": "EE002C76-406D-4F22-B738-E17BDEA70BCC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hpe:hpux-ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A1FDA7-BE46-4FAB-A3FD-9A40C770C4AB",
"versionEndExcluding": "c.4.2.8.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64CBADD5-9C10-4D8F-9844-B6FB82695786",
"versionEndExcluding": "10.13",
"versionStartIncluding": "10.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_net_cp_443-1_opc_ua_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22EFD09A-3D77-47B0-93FB-50F6C13A2F9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_net_cp_443-1_opc_ua:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F488810-73E3-4475-975A-C2FCA037E78B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en las funciones ctl_put * en NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 permiten a usuarios remotos autenticados tener un impacto no especificado a trav\u00e9s de una variable larga."
}
],
"id": "CVE-2017-6458",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-27T17:59:00.633",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2017/Nov/7"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2017/Sep/62"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3379"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97051"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-3349-1"
},
{
"source": "cve@mitre.org",
"url": "https://bto.bluecoat.com/security-advisory/sa147"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4B7BMVXV53EE7XYW2KAVETDHTP452O3Z/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZUPPICJXWL3AWQB7I3AWUC74YON7UING/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/HT208144"
},
{
"source": "cve@mitre.org",
"url": "https://support.apple.com/kb/HT208144"
},
{
"source": "cve@mitre.org",
"url": "https://support.f5.com/csp/article/K99254031"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"source": "cve@mitre.org",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"source": "cve@mitre.org",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-294/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2017/Nov/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2017/Sep/62"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-3349-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bto.bluecoat.com/security-advisory/sa147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4B7BMVXV53EE7XYW2KAVETDHTP452O3Z/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZUPPICJXWL3AWQB7I3AWUC74YON7UING/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/HT208144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/kb/HT208144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K99254031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-294/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-07 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| ntp | ntp | * | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| netapp | oncommand_balance | - | |
| netapp | oncommand_performance_manager | - | |
| netapp | oncommand_unified_manager | - | |
| netapp | clustered_data_ontap | - | |
| netapp | data_ontap | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C240BAAB-8C12-4501-9DC6-FB877304E908",
"versionEndExcluding": "4.2.8",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79494F07-6081-497D-8A2D-B05486599EAE",
"versionEndExcluding": "4.3.77",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "212E1878-1B9A-4CB4-A1CE-EAD60B867161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*",
"matchCriteriaId": "95B173E0-1475-4F8D-A982-86F36BE3DD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FED6CAE-D97F-49E0-9D00-1642A3A427B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*",
"matchCriteriaId": "392A1364-2739-450D-9E19-DFF93081C2C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en la funcionalidad de gesti\u00f3n de contrase\u00f1as en NTP 4.2.x en versiones anteriores a la 4.2.8p4, y 4.3.x en versiones anteriores a la 4.3.77 permite que usuarios remotos autenticados provoquen una denegaci\u00f3n de servicio o la posibilidad de ejecutar c\u00f3digo arbitrario empleando un archivo de claves manipulado."
}
],
"id": "CVE-2015-7854",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-07T20:29:00.917",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2921"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77277"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274263"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2921"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274263"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-26 19:59
Modified
2025-04-12 10:46
Severity ?
Summary
NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| ntp | ntp | * | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| siemens | tim_4r-ie_firmware | * | |
| siemens | tim_4r-ie | - | |
| siemens | tim_4r-ie_dnp3_firmware | * | |
| siemens | tim_4r-ie_dnp3 | - | |
| netapp | clustered_data_ontap | - | |
| netapp | oncommand_balance | - | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C240BAAB-8C12-4501-9DC6-FB877304E908",
"versionEndExcluding": "4.2.8",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3207DA93-AFE7-45D8-90DA-A12F6AB76293",
"versionEndExcluding": "4.3.90",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
"matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*",
"matchCriteriaId": "75A9AA28-1B20-44BB-815C-7294A53E910E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:tim_4r-ie_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0730ED6-676B-4200-BC07-C0B4531B242C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:tim_4r-ie:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B87B16C-9E9F-448B-9255-B2BB2B8CAD63",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:tim_4r-ie_dnp3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E16E82E3-9A85-41A4-8A33-12AE45A1B584",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:tim_4r-ie_dnp3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE27728D-D37B-43FC-BA8A-0E930DDBD10B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a \"skeleton key.\""
},
{
"lang": "es",
"value": "NTP 4.x en versiones anteriores a 4.2.8p6 y 4.3.x en versiones anteriores a 4.3.90 no verifica las asociaciones del par de las claves sim\u00e9tricas cuando autentica paquetes, lo que podr\u00eda permitir a atacante remotos llevar a cabo ataques de suplantaci\u00f3n de identidad a trav\u00e9s de una clave de confianza arbitraria, tambi\u00e9n conocida como \"skeleton key\"."
}
],
"id": "CVE-2015-7974",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-26T19:59:00.107",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2936"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2936"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/81960"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.talosintel.com/reports/TALOS-2016-0071/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/81960"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.talosintel.com/reports/TALOS-2016-0071/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-20 02:59
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E63507D-C475-4379-85A5-185F19BEDCEE",
"versionEndIncluding": "4.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de buffer en ntpd en NTP anterior a 4.2.8, permite a atacantes remotos la ejecuci\u00f3n de c\u00f3digo arbitrario mediante un paquete manipulado, relacionado con (1) la funci\u00f3n crypto_recv cuando se utiliza la caracter\u00edstica Autokey Authentication, (2) la funci\u00f3n ctl_putdata y (3) la funci\u00f3n de configuraci\u00f3n."
}
],
"id": "CVE-2014-9295",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-20T02:59:02.693",
"references": [
{
"source": "cve@mitre.org",
"url": "http://advisories.mageia.org/MGASA-2014-0541.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=548acc4dN1TbM1tRJrbPcA4yc1aTdA"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=548acdf3tUSFizXcv_X4b77Jt_Y-cg"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=548acf55dxKfhb6MuYQwzu8eDlS97g"
},
{
"source": "cve@mitre.org",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2667"
},
{
"source": "cve@mitre.org",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2668"
},
{
"source": "cve@mitre.org",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2669"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=142469153211996\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=142590659431171\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2014-2025.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0104.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/62209"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:003"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/71761"
},
{
"source": "cve@mitre.org",
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-417665.htm"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176037"
},
{
"source": "cve@mitre.org",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
},
{
"source": "cve@mitre.org",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783"
},
{
"source": "cve@mitre.org",
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"source": "cve@mitre.org",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10103"
},
{
"source": "cve@mitre.org",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd"
},
{
"source": "cve@mitre.org",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://advisories.mageia.org/MGASA-2014-0541.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=548acc4dN1TbM1tRJrbPcA4yc1aTdA"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=548acdf3tUSFizXcv_X4b77Jt_Y-cg"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=548acf55dxKfhb6MuYQwzu8eDlS97g"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2668"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=142469153211996\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=142590659431171\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-2025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0104.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62209"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/71761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-417665.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-05 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| ntp | ntp | * | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| oracle | solaris | 10 | |
| oracle | solaris | 11.3 | |
| suse | manager_proxy | 2.1 | |
| suse | openstack_cloud | 5 | |
| novell | suse_manager | 2.1 | |
| opensuse | leap | 42.1 | |
| opensuse | opensuse | 13.2 | |
| suse | linux_enterprise_desktop | 12 | |
| suse | linux_enterprise_server | 11 | |
| suse | linux_enterprise_server | 11 | |
| suse | linux_enterprise_server | 11 | |
| suse | linux_enterprise_server | 12 | |
| siemens | simatic_net_cp_443-1_opc_ua_firmware | * | |
| siemens | simatic_net_cp_443-1_opc_ua | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C240BAAB-8C12-4501-9DC6-FB877304E908",
"versionEndExcluding": "4.2.8",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "863751A2-A97F-47CD-8D57-6D60E6F3593D",
"versionEndExcluding": "4.3.93",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
"matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*",
"matchCriteriaId": "75A9AA28-1B20-44BB-815C-7294A53E910E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
"matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
"matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*",
"matchCriteriaId": "964B57CD-CB8A-4520-B358-1C93EC5EF2DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBED083-B935-4C47-BBDA-F39D8EA277ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:suse:openstack_cloud:5:*:*:*:*:*:*:*",
"matchCriteriaId": "BD6136E8-74DE-48AF-A8AB-B0E93D34870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_manager:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "514646C5-C5D4-487E-8950-B3A2B1DE8EEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
"matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
"matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
"matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_net_cp_443-1_opc_ua_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22EFD09A-3D77-47B0-93FB-50F6C13A2F9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_net_cp_443-1_opc_ua:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F488810-73E3-4475-975A-C2FCA037E78B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time."
},
{
"lang": "es",
"value": "ntpd en NTP 4.x en versiones anteriores a 4.2.8p8, cuando est\u00e1 habilitada la autoclave, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (limpiando el par variable y corte de asociaci\u00f3n) enviando (1) un paquete crypto-NAK manipulado o (2) un paquete con un valor MAC incorrecto en un momento determinado."
}
],
"id": "CVE-2016-4955",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-05T01:59:02.267",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://bugs.ntp.org/3043"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3043"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"source": "cve@mitre.org",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/321640"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91007"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036037"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"source": "cve@mitre.org",
"url": "https://www.kb.cert.org/vuls/id/321640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://bugs.ntp.org/3043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/321640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.kb.cert.org/vuls/id/321640"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-27 17:59
Modified
2025-04-20 01:37
Severity ?
Summary
NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.3.0 | |
| ntp | ntp | 4.3.1 | |
| ntp | ntp | 4.3.2 | |
| ntp | ntp | 4.3.3 | |
| ntp | ntp | 4.3.4 | |
| ntp | ntp | 4.3.5 | |
| ntp | ntp | 4.3.6 | |
| ntp | ntp | 4.3.7 | |
| ntp | ntp | 4.3.8 | |
| ntp | ntp | 4.3.9 | |
| ntp | ntp | 4.3.10 | |
| ntp | ntp | 4.3.11 | |
| ntp | ntp | 4.3.12 | |
| ntp | ntp | 4.3.13 | |
| ntp | ntp | 4.3.14 | |
| ntp | ntp | 4.3.15 | |
| ntp | ntp | 4.3.16 | |
| ntp | ntp | 4.3.17 | |
| ntp | ntp | 4.3.18 | |
| ntp | ntp | 4.3.19 | |
| ntp | ntp | 4.3.20 | |
| ntp | ntp | 4.3.21 | |
| ntp | ntp | 4.3.22 | |
| ntp | ntp | 4.3.23 | |
| ntp | ntp | 4.3.24 | |
| ntp | ntp | 4.3.25 | |
| ntp | ntp | 4.3.26 | |
| ntp | ntp | 4.3.27 | |
| ntp | ntp | 4.3.28 | |
| ntp | ntp | 4.3.29 | |
| ntp | ntp | 4.3.30 | |
| ntp | ntp | 4.3.31 | |
| ntp | ntp | 4.3.32 | |
| ntp | ntp | 4.3.33 | |
| ntp | ntp | 4.3.34 | |
| ntp | ntp | 4.3.35 | |
| ntp | ntp | 4.3.36 | |
| ntp | ntp | 4.3.37 | |
| ntp | ntp | 4.3.38 | |
| ntp | ntp | 4.3.39 | |
| ntp | ntp | 4.3.40 | |
| ntp | ntp | 4.3.41 | |
| ntp | ntp | 4.3.42 | |
| ntp | ntp | 4.3.43 | |
| ntp | ntp | 4.3.44 | |
| ntp | ntp | 4.3.45 | |
| ntp | ntp | 4.3.46 | |
| ntp | ntp | 4.3.47 | |
| ntp | ntp | 4.3.48 | |
| ntp | ntp | 4.3.49 | |
| ntp | ntp | 4.3.50 | |
| ntp | ntp | 4.3.51 | |
| ntp | ntp | 4.3.52 | |
| ntp | ntp | 4.3.53 | |
| ntp | ntp | 4.3.54 | |
| ntp | ntp | 4.3.55 | |
| ntp | ntp | 4.3.56 | |
| ntp | ntp | 4.3.57 | |
| ntp | ntp | 4.3.58 | |
| ntp | ntp | 4.3.59 | |
| ntp | ntp | 4.3.60 | |
| ntp | ntp | 4.3.61 | |
| ntp | ntp | 4.3.62 | |
| ntp | ntp | 4.3.63 | |
| ntp | ntp | 4.3.64 | |
| ntp | ntp | 4.3.65 | |
| ntp | ntp | 4.3.66 | |
| ntp | ntp | 4.3.67 | |
| ntp | ntp | 4.3.68 | |
| ntp | ntp | 4.3.69 | |
| ntp | ntp | 4.3.70 | |
| ntp | ntp | 4.3.71 | |
| ntp | ntp | 4.3.72 | |
| ntp | ntp | 4.3.73 | |
| ntp | ntp | 4.3.74 | |
| ntp | ntp | 4.3.75 | |
| ntp | ntp | 4.3.76 | |
| ntp | ntp | 4.3.77 | |
| ntp | ntp | 4.3.78 | |
| ntp | ntp | 4.3.79 | |
| ntp | ntp | 4.3.80 | |
| ntp | ntp | 4.3.81 | |
| ntp | ntp | 4.3.82 | |
| ntp | ntp | 4.3.83 | |
| ntp | ntp | 4.3.84 | |
| ntp | ntp | 4.3.85 | |
| ntp | ntp | 4.3.86 | |
| ntp | ntp | 4.3.87 | |
| ntp | ntp | 4.3.88 | |
| ntp | ntp | 4.3.89 | |
| ntp | ntp | 4.3.90 | |
| ntp | ntp | 4.3.91 | |
| ntp | ntp | 4.3.92 | |
| ntp | ntp | 4.3.93 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*",
"matchCriteriaId": "EE002C76-406D-4F22-B738-E17BDEA70BCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B23D9009-DF45-44C1-80DF-CEEC9B9E3F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43921601-667E-4415-83BE-E5B39D969BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75DD9C02-0C46-4785-8D77-C5465E4ED967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A497BADE-0516-494F-89FA-EAFC6AD17F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4298439A-EAF2-4CAA-990B-4AA37E7A0E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "30E9C822-C04A-4908-9596-76F9FB561206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "842963D1-C78C-48B5-A8D2-BC018854E5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "121ED6C5-8985-4DEF-9040-2AC63582E596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "68499DA4-64EF-412F-A434-8E0F78D77CE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "836C5AC9-463F-4703-81B9-7B5484F47A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FED14811-8F49-4796-BADD-DB7973EC32DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D4EB2830-ADE5-4C87-964E-16748BF88EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8C0284FD-2933-4160-80D2-53B32CD73287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D9AB963A-7284-433F-9890-5AE402E4E000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "EEDEFF7A-D964-4D9A-93BF-41E9D16EA793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9C434153-911C-4F07-ADD0-0EAB47F96E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8183B043-8B96-4A8B-A5C9-544D4F1CED8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE349AB-44CB-4263-80CE-59DFD572B363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB55DF6-567F-4B6A-81E1-9013914416D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "80727B0B-AB5E-46CC-9DDF-F319C2D9B242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "E0755962-2D5F-41E6-9BDB-C2ECBCCD2818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBAADB5-FA32-4CF9-A4B2-51EEA300B0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A202FDAD-D757-4850-9D1E-C31B0F3BA718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A345D7-DFC0-4E0D-AAAB-8206C35F63D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*",
"matchCriteriaId": "C4069EF5-DC7D-4487-8636-AC2EAB17BAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*",
"matchCriteriaId": "73DF3A5C-F1D9-468E-BD08-5E2578898DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*",
"matchCriteriaId": "0858AE44-4B0A-4941-B4A8-937B557D1448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*",
"matchCriteriaId": "979C84FF-CB21-4819-B3CA-1A55FDF20BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*",
"matchCriteriaId": "94709B39-C394-4B44-A362-9429F4CB9D50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2E4526AC-6BCC-43A5-B501-263D0ED0655B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*",
"matchCriteriaId": "E04FF6B4-CD1C-4AC1-B286-D6AB705D680B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAFA0C8-1349-43A4-BDAC-3B5A601B9FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA130B1-DD20-4E98-963F-61E85A09E29E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*",
"matchCriteriaId": "9AAC9B73-5020-47C9-803E-ABB6162AADE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A6B7B5-3AC9-4442-BD91-3783C2B4235C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*",
"matchCriteriaId": "D72F5C09-520B-486C-AD9A-9CBBFE6487CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*",
"matchCriteriaId": "097DED37-D3F3-45C4-B131-1C4294406722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*",
"matchCriteriaId": "85A4F607-0A9D-4F84-B50D-28C54E6EDC06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*",
"matchCriteriaId": "8C689CAF-632A-4FF2-8C86-541EEDD574E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*",
"matchCriteriaId": "7B0ACF5B-BBA9-4B6C-B19D-B8AEF7212781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*",
"matchCriteriaId": "E09C8254-73DC-4AFA-A250-A8192DC917F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*",
"matchCriteriaId": "D344FA12-3C5F-418B-9209-EA8BDD230074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*",
"matchCriteriaId": "D1C3A62A-C6F6-4B2E-A254-CDA12BD34DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*",
"matchCriteriaId": "073A0AFF-C5C6-422E-BD63-2353AA4B58E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*",
"matchCriteriaId": "59B5DA29-4139-405D-8AA8-23FAECBBC5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*",
"matchCriteriaId": "73F4D15D-6D2A-4730-B7CF-21284E92FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*",
"matchCriteriaId": "79A0C6AB-813F-4417-A98E-33FBB7AAB939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "815ABF0E-ED94-4426-8889-D3C2AECACC26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*",
"matchCriteriaId": "894612F1-8C51-4F66-AFE7-D8077F63E562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*",
"matchCriteriaId": "63FD3D1E-08F8-4C7F-876C-47E88386B83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*",
"matchCriteriaId": "9C068E27-A3DD-4FD2-81FB-2CFEC3C047CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*",
"matchCriteriaId": "E21A12E6-0802-4BDC-AF71-50D7D0433B87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7EE44A-7D8B-41A5-82A6-04AEE50278CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*",
"matchCriteriaId": "6862529A-1AE5-4E2D-A4B0-E351D1900C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*",
"matchCriteriaId": "4C6B6711-0F75-4FEA-8917-04391FC9D378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC0249C-3CFC-4CD3-9481-9F6BE1FC5E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE639D9-0B1E-4DFB-B275-D11665FDA4AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*",
"matchCriteriaId": "B35E9C41-0F2A-4790-B996-8EC00FA863F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*",
"matchCriteriaId": "28BAB268-3A70-4422-9C6C-49E6453D750D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*",
"matchCriteriaId": "9A5960F1-DDA9-4885-952F-450EC00B5C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*",
"matchCriteriaId": "E725D449-BBC2-40E3-BF53-D9BF7B4F57D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*",
"matchCriteriaId": "B10975CB-56EB-44D0-BDEF-60484B6BD85E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE56C0F-0AF4-45CF-ACA2-0E583BBB3187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*",
"matchCriteriaId": "16A4A1AC-ED08-4EFE-A826-1BB1B5CAB34E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*",
"matchCriteriaId": "BF9D7AD6-6BDB-4519-B9F8-3181E21850FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*",
"matchCriteriaId": "B061FF9A-0D00-429D-9B2F-14EEA41E7A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CB0260-2A96-41A8-81A0-8E9722B22D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*",
"matchCriteriaId": "AE037065-9E33-4A5A-8188-1F086D7BE394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*",
"matchCriteriaId": "70200031-5902-416D-A140-DC2CDFDAF683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*",
"matchCriteriaId": "575C5F15-2C16-4B39-A718-1641DDD88F84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*",
"matchCriteriaId": "9E7BFD7E-9B3F-4D63-BEBC-16F22DA6F8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*",
"matchCriteriaId": "42631437-772B-45E0-A1F3-5D9E2FC77D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*",
"matchCriteriaId": "CA9E62EF-E21F-421F-9A57-54A551CEC441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*",
"matchCriteriaId": "871E046E-013A-4E10-9457-4D1F407519EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E4B06F-AD55-4D61-B966-B38B854C0A75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*",
"matchCriteriaId": "19817731-42C2-4745-88F2-D27258FC7DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*",
"matchCriteriaId": "77479EEE-F81B-4653-8FAD-0AFBA3C71B09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*",
"matchCriteriaId": "0208619E-9179-46D9-8E47-6CB5B4046DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*",
"matchCriteriaId": "6FBAE2A2-B7CB-45F6-A84C-5B9B742A0B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC16904-03FC-42B2-89F0-CA0D59A5FB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*",
"matchCriteriaId": "4E3980D1-54F1-4C2F-B140-B2F18D8958A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*",
"matchCriteriaId": "0C845718-520A-42CB-9BA7-00723694A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB7BF51-DD1A-41E1-B5E5-02A6BADC30DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*",
"matchCriteriaId": "431DA557-0977-43C2-8DEF-127B1BAA9F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*",
"matchCriteriaId": "733C0A5D-3A0A-4449-9DE0-BD06D4942799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E5DAD5-465A-4A53-856A-1F674723EB00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.90:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FE37F4-C8E6-42CC-A799-563637F6B85A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.91:*:*:*:*:*:*:*",
"matchCriteriaId": "72F9DD05-E521-45D3-994E-0400DA0070BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.92:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DA733E-A2BB-4F72-BE9A-AF1ADD1881A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.93:*:*:*:*:*:*:*",
"matchCriteriaId": "816E4E2B-7E33-49A0-85E1-EF1755F6BB45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable."
},
{
"lang": "es",
"value": "NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94, cuando se utiliza PPSAPI, permite a usuarios locales obtener privilegios a trav\u00e9s de un DLL en la variable de entorno PPSAPI_DLLS"
}
],
"id": "CVE-2017-6455",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-27T17:59:00.587",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3384"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97074"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1039427"
},
{
"source": "cve@mitre.org",
"url": "https://support.apple.com/HT208144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1039427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT208144"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-04-08 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E538FCAE-3E2C-4EA8-A74F-ABF47652C15C",
"versionEndIncluding": "4.2.7p444",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer."
},
{
"lang": "es",
"value": "La caracter\u00edstica symmetric-key en la funci\u00f3n receive en ntp_proto.c en ntpd en NTP 3.x y 4.x anterior a 4.2.8p2 realiza actualizaciones de las variables de estados al recibir ciertos paquetes inv\u00e1lidos, lo que facilita a atacantes man-in-the-middle causar una denegaci\u00f3n de servicio (perdida de sincronizaci\u00f3n) mediante la falsificaci\u00f3n de la direcci\u00f3n del IP de fuente de un par."
}
],
"id": "CVE-2015-1799",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-04-08T10:59:05.717",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2781"
},
{
"source": "secalert@redhat.com",
"url": "http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2015/04/msg00002.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155863.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155864.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00052.html"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=bugtraq\u0026m=143213867103400\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=bugtraq\u0026m=143213867103400\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=bugtraq\u0026m=145750740530849\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"source": "secalert@redhat.com",
"url": "http://support.apple.com/kb/HT204942"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"source": "secalert@redhat.com",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd"
},
{
"source": "secalert@redhat.com",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38275"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2015/dsa-3222"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2015/dsa-3223"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/374268"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:202"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/73950"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1032031"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2567-1"
},
{
"source": "secalert@redhat.com",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10114"
},
{
"source": "secalert@redhat.com",
"url": "https://security.gentoo.org/glsa/201509-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2781"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2015/04/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155863.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155864.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00052.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=143213867103400\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=143213867103400\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=145750740530849\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT204942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/374268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/73950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2567-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201509-01"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-17"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-13 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:p8:*:*:*:*:*:*",
"matchCriteriaId": "72A23255-B135-4A4C-A2BA-A93026C0F520",
"versionEndIncluding": "4.2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use."
},
{
"lang": "es",
"value": "NTP en versiones anteriores a 4.2.8p9 cambia la estructura de los pares a la interfaz que recibe la respuesta de una fuente, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (prevenir la comunicaci\u00f3n con una fuente) enviando una respuesta para una fuente a una interfaz que la fuente no utiliza."
}
],
"id": "CVE-2016-7429",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-13T16:59:00.433",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3072"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/94453"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1037354"
},
{
"source": "cve@mitre.org",
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"source": "cve@mitre.org",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/94453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-18"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-06 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
"matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad explotable en el mensaje de autenticaci\u00f3n de la funci\u00f3n del libntp en ntp 4.2.8p4 y NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. Un atacante puede enviar series de mensajes manipulados para intentar el mensaje de direcci\u00f3n de clave."
}
],
"id": "CVE-2016-1550",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-06T21:59:00.413",
"references": [
{
"source": "cret@cert.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"source": "cret@cert.org",
"url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"source": "cret@cert.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"source": "cret@cert.org",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"source": "cret@cert.org",
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"source": "cret@cert.org",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "cret@cert.org",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/88261"
},
{
"source": "cret@cert.org",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"source": "cret@cert.org",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0084/"
},
{
"source": "cret@cert.org",
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"source": "cret@cert.org",
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"source": "cret@cert.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"source": "cret@cert.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"source": "cret@cert.org",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"source": "cret@cert.org",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cret@cert.org",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"source": "cret@cert.org",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"source": "cret@cert.org",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"source": "cret@cert.org",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
},
{
"source": "cret@cert.org",
"url": "https://www.debian.org/security/2016/dsa-3629"
},
{
"source": "cret@cert.org",
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"source": "cret@cert.org",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/88261"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0084/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2016/dsa-3629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0084"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-13 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
"matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
"matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*",
"matchCriteriaId": "F12E4CF5-536C-416B-AD8D-6AE7CBE22C71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet."
},
{
"lang": "es",
"value": "La funcionalidad de prevenci\u00f3n de repetici\u00f3n del modo de difusi\u00f3n en ntpd en NTP en versiones anteriores a 4.2.8p9 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (rechazar paquetes de modo de difusi\u00f3n) a trav\u00e9s de un paquete de modo de difusi\u00f3n manipulado."
}
],
"id": "CVE-2016-7427",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-13T16:59:00.357",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3114"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94447"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1037354"
},
{
"source": "cve@mitre.org",
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"source": "cve@mitre.org",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"source": "cve@mitre.org",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"source": "cve@mitre.org",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03883en_us"
},
{
"source": "cve@mitre.org",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03899en_us"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94447"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03883en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03899en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-07 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C240BAAB-8C12-4501-9DC6-FB877304E908",
"versionEndExcluding": "4.2.8",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79494F07-6081-497D-8A2D-B05486599EAE",
"versionEndExcluding": "4.3.77",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
"matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "212E1878-1B9A-4CB4-A1CE-EAD60B867161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*",
"matchCriteriaId": "95B173E0-1475-4F8D-A982-86F36BE3DD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FED6CAE-D97F-49E0-9D00-1642A3A427B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*",
"matchCriteriaId": "392A1364-2739-450D-9E19-DFF93081C2C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "21690BAC-2129-4A33-9B48-1F3BF30072A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption)."
},
{
"lang": "es",
"value": "Una fuga de memoria en la funci\u00f3n CRYPTO_ASSOC en ntpd en NTP 4.2.x en versiones anteriores a 4.2.8p4, y 4.3.x en versiones anteriores a 4.3.77 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (consumo de memoria)."
}
],
"id": "CVE-2015-7701",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-07T20:29:00.620",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2909"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77281"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274255"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77281"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-772"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-21 14:29
Modified
2025-04-20 01:37
Severity ?
Summary
ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | fedora | 21 | |
| fedoraproject | fedora | 22 | |
| fedoraproject | fedora | 23 | |
| redhat | enterprise_linux_desktop | 6.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_hpc_node | 6.0 | |
| redhat | enterprise_linux_hpc_node | 7.0 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_workstation | 6.0 | |
| redhat | enterprise_linux_workstation | 7.0 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 15.04 | |
| canonical | ubuntu_linux | 15.10 | |
| ntp | ntp | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
"matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
"matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:p111:*:*:*:*:*:*",
"matchCriteriaId": "6A000FAF-D608-42CE-A557-87DD26581BD7",
"versionEndIncluding": "4.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation."
},
{
"lang": "es",
"value": "ntp_openssl.m4 en ntpd en NTP anterior a 4.2.7p112, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) por medio de un comando de configuraci\u00f3n statistics o filegen creadas que no est\u00e1 habilitado durante la compilaci\u00f3n."
}
],
"id": "CVE-2015-5195",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-21T14:29:00.820",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/25/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/76474"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2783-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1254544"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/ntp-project/ntp/commit/52e977d79a0c4ace997e5c74af429844da2f27be"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/25/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/76474"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2783-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1254544"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/ntp-project/ntp/commit/52e977d79a0c4ace997e5c74af429844da2f27be"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-13 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB9B114E-15BF-4731-9296-A8F82591B418",
"versionEndExcluding": "4.2.8",
"versionStartIncluding": "4.2.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3505DE7A-B365-4455-A7BC-474019426C46",
"versionEndExcluding": "4.3.94",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p203:*:*:*:*:*:*",
"matchCriteriaId": "EA207F59-B630-4BBB-9CD7-BA7B64581907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p204:*:*:*:*:*:*",
"matchCriteriaId": "06AE2082-B219-4E94-89E8-E1328224C9D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p205:*:*:*:*:*:*",
"matchCriteriaId": "6E0F5656-3E41-4568-A810-F2CFA3677488",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p206:*:*:*:*:*:*",
"matchCriteriaId": "934152EB-5F5A-4BD8-B832-3B342551F9AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p207:*:*:*:*:*:*",
"matchCriteriaId": "6936BEB5-B765-45C5-B671-A9D0CC4988C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p208:*:*:*:*:*:*",
"matchCriteriaId": "BAA1E4CD-45EE-4814-AC6B-DE786C5B3B6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p209:*:*:*:*:*:*",
"matchCriteriaId": "95779DD0-C768-4B1C-A720-23BE19606B23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p210:*:*:*:*:*:*",
"matchCriteriaId": "1B035472-2B64-4BE4-8D25-6E31937641E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p211:*:*:*:*:*:*",
"matchCriteriaId": "3CE88876-F0BB-43A1-9A4A-91C5D6FFC02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p212:*:*:*:*:*:*",
"matchCriteriaId": "4E4BE466-B479-47BA-9A1F-F0184E252103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p213:*:*:*:*:*:*",
"matchCriteriaId": "4E6D7F8F-EF71-44E6-B33F-E0265266C616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p214:*:*:*:*:*:*",
"matchCriteriaId": "AC47FB1E-289A-4AA1-9DF1-0CEE13C9335F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p215:*:*:*:*:*:*",
"matchCriteriaId": "B7BC8DB4-E715-44F1-8759-0414613C9F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p216:*:*:*:*:*:*",
"matchCriteriaId": "5AF5BC27-EE65-4FB4-975E-FA3933B3202C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p217:*:*:*:*:*:*",
"matchCriteriaId": "795D50A9-41E5-40CE-88E9-391229607301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p218:*:*:*:*:*:*",
"matchCriteriaId": "1DE4338B-F5B3-4410-886D-0F28A7ECE824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p219:*:*:*:*:*:*",
"matchCriteriaId": "B1463DC6-D0C7-46E6-8418-B7900C99D079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p220:*:*:*:*:*:*",
"matchCriteriaId": "C5B7AA5B-2BD5-4F19-A8BB-DF4677995602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p221:*:*:*:*:*:*",
"matchCriteriaId": "DBCF724B-5018-4794-97D9-D8EDC2F04060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p222:*:*:*:*:*:*",
"matchCriteriaId": "2A62EAF1-3D51-456F-BBE3-A2E8CBE7960D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p223:*:*:*:*:*:*",
"matchCriteriaId": "67D86D6C-A8A3-4CD4-B1A5-57941B51C732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p224:*:*:*:*:*:*",
"matchCriteriaId": "E793243F-4179-46C9-B422-DC3D6E688B2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p225:*:*:*:*:*:*",
"matchCriteriaId": "6EAC9B6E-3A88-4DED-A5D4-862E076620BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p226:*:*:*:*:*:*",
"matchCriteriaId": "AD8E8B74-6E16-47FF-A019-54B0438A8CE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p227:*:*:*:*:*:*",
"matchCriteriaId": "3C210EFA-7BF2-4EEE-B59C-F3C75743E182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p228:*:*:*:*:*:*",
"matchCriteriaId": "23A9CDE2-4520-4542-93B0-74A01E919597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p229:*:*:*:*:*:*",
"matchCriteriaId": "94A7790A-DACE-4F02-B2FF-2C851EFD9717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p230:*:*:*:*:*:*",
"matchCriteriaId": "5ED47A47-3CB2-45CC-8147-CFFE0B93D966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p231_rc1:*:*:*:*:*:*",
"matchCriteriaId": "4FC2172C-73BD-441D-9963-5C9E89FB68F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p232_rc1:*:*:*:*:*:*",
"matchCriteriaId": "485C8744-A185-46EB-B27F-8A42ED76964B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p233_rc1:*:*:*:*:*:*",
"matchCriteriaId": "C01153E2-A4E3-4EF9-A33E-1026F578CB44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p234_rc1:*:*:*:*:*:*",
"matchCriteriaId": "505CE414-C5E5-4251-9F02-A8A0DA6C0E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p235_rc1:*:*:*:*:*:*",
"matchCriteriaId": "607E83FB-FDB7-49CA-9DA9-B8DA43C3DF23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p236_rc1:*:*:*:*:*:*",
"matchCriteriaId": "864BA14B-B357-4ADD-BCE1-B2EAE4D299FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p237_rc1:*:*:*:*:*:*",
"matchCriteriaId": "2856AAB8-172F-4657-85FF-9FFB698C4457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p238_rc1:*:*:*:*:*:*",
"matchCriteriaId": "7C2B8290-8AD6-4EDD-9736-730DD33CA73A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p239_rc1:*:*:*:*:*:*",
"matchCriteriaId": "A509FC81-ABFD-4CE1-ABD6-C47ECCF97892",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p240_rc1:*:*:*:*:*:*",
"matchCriteriaId": "7111A1FB-142C-4538-BC96-F71AEDC0FB4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p241_rc1:*:*:*:*:*:*",
"matchCriteriaId": "FB54C36C-F07A-4F99-A093-8EF10689E1C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p242_rc1:*:*:*:*:*:*",
"matchCriteriaId": "CD57B6E4-9947-4790-BCAF-30B37C7CB837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p243_rc1:*:*:*:*:*:*",
"matchCriteriaId": "232170D9-923D-4DA5-9A7D-6A5BDCD37165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p244_rc1:*:*:*:*:*:*",
"matchCriteriaId": "A0BE1B30-DB6E-4029-8212-035449CEE22F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p245_rc1:*:*:*:*:*:*",
"matchCriteriaId": "3181F3BF-8704-4D54-ABC4-CB68C89AF52D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p246_rc1:*:*:*:*:*:*",
"matchCriteriaId": "E61A5F5E-8DCC-4809-A2DE-E39C8E01976F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p247_rc1:*:*:*:*:*:*",
"matchCriteriaId": "1D2E80CD-0EAA-423B-B885-EDC5BFE962BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p248_rc1:*:*:*:*:*:*",
"matchCriteriaId": "11F45456-692B-415D-BDBF-BA639AA622BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p249_rc1:*:*:*:*:*:*",
"matchCriteriaId": "FCEF3E6A-48C3-4A00-B286-58E642DE5928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p250_rc1:*:*:*:*:*:*",
"matchCriteriaId": "8CE352E5-DFFC-4580-9D5E-95EE7A5C2BD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
"matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*",
"matchCriteriaId": "75A9AA28-1B20-44BB-815C-7294A53E910E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
"matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
"matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*",
"matchCriteriaId": "F12E4CF5-536C-416B-AD8D-6AE7CBE22C71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "21690BAC-2129-4A33-9B48-1F3BF30072A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hpe:hpux-ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C771C48E-2B29-491D-8FF0-69D81229465D",
"versionEndExcluding": "c.4.2.8.2.0",
"versionStartIncluding": "b.11.31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address."
},
{
"lang": "es",
"value": "NTP en versiones anteriores a 4.2.8p9 limita la clasificaci\u00f3n de respuestas recibidas desde las fuentes configuradas cuando la limitaci\u00f3n de clasificaci\u00f3n para todas las asociaciones est\u00e1 habilitado, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (prevenir las respuestas de las fuentes) enviando respuestas con una direcci\u00f3n de origen suplantada."
}
],
"id": "CVE-2016-7426",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-13T16:59:00.323",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3071"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94451"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037354"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94451"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-06 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| ntp | ntp | 4.2.8 | |
| redhat | enterprise_linux_desktop | 6.0 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_workstation | 6.0 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| oracle | linux | 7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C240BAAB-8C12-4501-9DC6-FB877304E908",
"versionEndExcluding": "4.2.8",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*",
"matchCriteriaId": "44B8FEDF-6CB0-46E9-9AD7-4445B001C158",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field."
},
{
"lang": "es",
"value": "ntp_crypto.c en ntpd en NTP 4.x en versiones anteriores a 4.2.8p1, cuando Autokey Authentication est\u00e1 habilitada, permite a atacantes remotos obtener informaci\u00f3n sensible de la memoria de proceso o causar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de un paquete que contiene un campo extension con un valor no v\u00e1lido para la longitud de su campo de valor."
}
],
"id": "CVE-2014-9750",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-06T01:59:00.283",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2671"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/72583"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184573"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03886en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2671"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/72583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184573"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03886en_us"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-07 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C240BAAB-8C12-4501-9DC6-FB877304E908",
"versionEndExcluding": "4.2.8",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79494F07-6081-497D-8A2D-B05486599EAE",
"versionEndExcluding": "4.3.77",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "212E1878-1B9A-4CB4-A1CE-EAD60B867161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*",
"matchCriteriaId": "95B173E0-1475-4F8D-A982-86F36BE3DD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FED6CAE-D97F-49E0-9D00-1642A3A427B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*",
"matchCriteriaId": "392A1364-2739-450D-9E19-DFF93081C2C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
"matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "21690BAC-2129-4A33-9B48-1F3BF30072A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets."
},
{
"lang": "es",
"value": "ntpd en NTP 4.2.x en versiones anteriores a 4.2.8p4, y 4.3.x en versiones anteriores a 4.3.77 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio empleando paquetes de respuesta en modo 6 manipulados."
}
],
"id": "CVE-2015-7852",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-07T20:29:00.857",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2919"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77288"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2919"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77288"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-08 20:29
Modified
2024-11-21 04:11
Severity ?
Summary
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| freebsd | freebsd | 10.3 | |
| freebsd | freebsd | 10.4 | |
| freebsd | freebsd | 11.1 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 17.10 | |
| canonical | ubuntu_linux | 18.04 | |
| netapp | element_software | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*",
"matchCriteriaId": "0BC62D4E-D519-458C-BE4E-10DDB73A97D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
"matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
"matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*",
"matchCriteriaId": "F12E4CF5-536C-416B-AD8D-6AE7CBE22C71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*",
"matchCriteriaId": "EE002C76-406D-4F22-B738-E17BDEA70BCC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E102E760-362C-4DC7-BDED-E2CF9F94ECE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BD5B9266-A927-4F62-8742-721CE9A4C4C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5753931-556B-4EEC-B510-751BA3613CE6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en la funci\u00f3n decodearr en ntpq en ntp, desde la versi\u00f3n 4.2.8p6 hasta la 4.2.8p10, permite que atacantes remotos ejecuten c\u00f3digo arbitrario aprovechando una consulta ntpq y enviando una respuesta con un array manipulado."
}
],
"id": "CVE-2018-7183",
"lastModified": "2024-11-21T04:11:44.593",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-08T20:29:00.423",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3414"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103351"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201805-12"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
},
{
"source": "cve@mitre.org",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3707-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"source": "cve@mitre.org",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103351"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201805-12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3707-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-30 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| ntp | ntp | 4.3.0 | |
| ntp | ntp | 4.3.1 | |
| ntp | ntp | 4.3.2 | |
| ntp | ntp | 4.3.3 | |
| ntp | ntp | 4.3.4 | |
| ntp | ntp | 4.3.5 | |
| ntp | ntp | 4.3.6 | |
| ntp | ntp | 4.3.7 | |
| ntp | ntp | 4.3.8 | |
| ntp | ntp | 4.3.9 | |
| ntp | ntp | 4.3.10 | |
| ntp | ntp | 4.3.11 | |
| ntp | ntp | 4.3.12 | |
| ntp | ntp | 4.3.13 | |
| ntp | ntp | 4.3.14 | |
| ntp | ntp | 4.3.15 | |
| ntp | ntp | 4.3.16 | |
| ntp | ntp | 4.3.17 | |
| ntp | ntp | 4.3.18 | |
| ntp | ntp | 4.3.19 | |
| ntp | ntp | 4.3.20 | |
| ntp | ntp | 4.3.21 | |
| ntp | ntp | 4.3.22 | |
| ntp | ntp | 4.3.23 | |
| ntp | ntp | 4.3.24 | |
| ntp | ntp | 4.3.25 | |
| ntp | ntp | 4.3.26 | |
| ntp | ntp | 4.3.27 | |
| ntp | ntp | 4.3.28 | |
| ntp | ntp | 4.3.29 | |
| ntp | ntp | 4.3.30 | |
| ntp | ntp | 4.3.31 | |
| ntp | ntp | 4.3.32 | |
| ntp | ntp | 4.3.33 | |
| ntp | ntp | 4.3.34 | |
| ntp | ntp | 4.3.35 | |
| ntp | ntp | 4.3.36 | |
| ntp | ntp | 4.3.37 | |
| ntp | ntp | 4.3.38 | |
| ntp | ntp | 4.3.39 | |
| ntp | ntp | 4.3.40 | |
| ntp | ntp | 4.3.41 | |
| ntp | ntp | 4.3.42 | |
| ntp | ntp | 4.3.43 | |
| ntp | ntp | 4.3.44 | |
| ntp | ntp | 4.3.45 | |
| ntp | ntp | 4.3.46 | |
| ntp | ntp | 4.3.47 | |
| ntp | ntp | 4.3.48 | |
| ntp | ntp | 4.3.49 | |
| ntp | ntp | 4.3.50 | |
| ntp | ntp | 4.3.51 | |
| ntp | ntp | 4.3.52 | |
| ntp | ntp | 4.3.53 | |
| ntp | ntp | 4.3.54 | |
| ntp | ntp | 4.3.55 | |
| ntp | ntp | 4.3.56 | |
| ntp | ntp | 4.3.57 | |
| ntp | ntp | 4.3.58 | |
| ntp | ntp | 4.3.59 | |
| ntp | ntp | 4.3.60 | |
| ntp | ntp | 4.3.61 | |
| ntp | ntp | 4.3.62 | |
| ntp | ntp | 4.3.63 | |
| ntp | ntp | 4.3.64 | |
| ntp | ntp | 4.3.65 | |
| ntp | ntp | 4.3.66 | |
| ntp | ntp | 4.3.67 | |
| ntp | ntp | 4.3.68 | |
| ntp | ntp | 4.3.69 | |
| ntp | ntp | 4.3.70 | |
| ntp | ntp | 4.3.71 | |
| ntp | ntp | 4.3.72 | |
| ntp | ntp | 4.3.73 | |
| ntp | ntp | 4.3.74 | |
| ntp | ntp | 4.3.75 | |
| ntp | ntp | 4.3.76 | |
| ntp | ntp | 4.3.77 | |
| ntp | ntp | 4.3.78 | |
| ntp | ntp | 4.3.79 | |
| ntp | ntp | 4.3.80 | |
| ntp | ntp | 4.3.81 | |
| ntp | ntp | 4.3.82 | |
| ntp | ntp | 4.3.83 | |
| ntp | ntp | 4.3.84 | |
| ntp | ntp | 4.3.85 | |
| ntp | ntp | 4.3.86 | |
| ntp | ntp | 4.3.87 | |
| ntp | ntp | 4.3.88 | |
| ntp | ntp | 4.3.89 | |
| ntp | ntp | 4.3.90 | |
| ntp | ntp | 4.3.91 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:p6:*:*:*:*:*:*",
"matchCriteriaId": "E2CF4922-E481-4C5B-9A34-F439D9C727FE",
"versionEndIncluding": "4.2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B23D9009-DF45-44C1-80DF-CEEC9B9E3F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43921601-667E-4415-83BE-E5B39D969BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75DD9C02-0C46-4785-8D77-C5465E4ED967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A497BADE-0516-494F-89FA-EAFC6AD17F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4298439A-EAF2-4CAA-990B-4AA37E7A0E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "30E9C822-C04A-4908-9596-76F9FB561206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "842963D1-C78C-48B5-A8D2-BC018854E5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "121ED6C5-8985-4DEF-9040-2AC63582E596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "68499DA4-64EF-412F-A434-8E0F78D77CE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "836C5AC9-463F-4703-81B9-7B5484F47A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FED14811-8F49-4796-BADD-DB7973EC32DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D4EB2830-ADE5-4C87-964E-16748BF88EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8C0284FD-2933-4160-80D2-53B32CD73287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D9AB963A-7284-433F-9890-5AE402E4E000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "EEDEFF7A-D964-4D9A-93BF-41E9D16EA793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9C434153-911C-4F07-ADD0-0EAB47F96E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8183B043-8B96-4A8B-A5C9-544D4F1CED8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE349AB-44CB-4263-80CE-59DFD572B363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB55DF6-567F-4B6A-81E1-9013914416D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "80727B0B-AB5E-46CC-9DDF-F319C2D9B242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "E0755962-2D5F-41E6-9BDB-C2ECBCCD2818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBAADB5-FA32-4CF9-A4B2-51EEA300B0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A202FDAD-D757-4850-9D1E-C31B0F3BA718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A345D7-DFC0-4E0D-AAAB-8206C35F63D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*",
"matchCriteriaId": "C4069EF5-DC7D-4487-8636-AC2EAB17BAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*",
"matchCriteriaId": "73DF3A5C-F1D9-468E-BD08-5E2578898DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*",
"matchCriteriaId": "0858AE44-4B0A-4941-B4A8-937B557D1448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*",
"matchCriteriaId": "979C84FF-CB21-4819-B3CA-1A55FDF20BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*",
"matchCriteriaId": "94709B39-C394-4B44-A362-9429F4CB9D50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2E4526AC-6BCC-43A5-B501-263D0ED0655B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*",
"matchCriteriaId": "E04FF6B4-CD1C-4AC1-B286-D6AB705D680B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAFA0C8-1349-43A4-BDAC-3B5A601B9FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA130B1-DD20-4E98-963F-61E85A09E29E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*",
"matchCriteriaId": "9AAC9B73-5020-47C9-803E-ABB6162AADE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A6B7B5-3AC9-4442-BD91-3783C2B4235C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*",
"matchCriteriaId": "D72F5C09-520B-486C-AD9A-9CBBFE6487CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*",
"matchCriteriaId": "097DED37-D3F3-45C4-B131-1C4294406722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*",
"matchCriteriaId": "85A4F607-0A9D-4F84-B50D-28C54E6EDC06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*",
"matchCriteriaId": "8C689CAF-632A-4FF2-8C86-541EEDD574E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*",
"matchCriteriaId": "7B0ACF5B-BBA9-4B6C-B19D-B8AEF7212781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*",
"matchCriteriaId": "E09C8254-73DC-4AFA-A250-A8192DC917F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*",
"matchCriteriaId": "D344FA12-3C5F-418B-9209-EA8BDD230074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*",
"matchCriteriaId": "D1C3A62A-C6F6-4B2E-A254-CDA12BD34DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*",
"matchCriteriaId": "073A0AFF-C5C6-422E-BD63-2353AA4B58E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*",
"matchCriteriaId": "59B5DA29-4139-405D-8AA8-23FAECBBC5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*",
"matchCriteriaId": "73F4D15D-6D2A-4730-B7CF-21284E92FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*",
"matchCriteriaId": "79A0C6AB-813F-4417-A98E-33FBB7AAB939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "815ABF0E-ED94-4426-8889-D3C2AECACC26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*",
"matchCriteriaId": "894612F1-8C51-4F66-AFE7-D8077F63E562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*",
"matchCriteriaId": "63FD3D1E-08F8-4C7F-876C-47E88386B83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*",
"matchCriteriaId": "9C068E27-A3DD-4FD2-81FB-2CFEC3C047CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*",
"matchCriteriaId": "E21A12E6-0802-4BDC-AF71-50D7D0433B87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7EE44A-7D8B-41A5-82A6-04AEE50278CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*",
"matchCriteriaId": "6862529A-1AE5-4E2D-A4B0-E351D1900C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*",
"matchCriteriaId": "4C6B6711-0F75-4FEA-8917-04391FC9D378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC0249C-3CFC-4CD3-9481-9F6BE1FC5E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE639D9-0B1E-4DFB-B275-D11665FDA4AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*",
"matchCriteriaId": "B35E9C41-0F2A-4790-B996-8EC00FA863F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*",
"matchCriteriaId": "28BAB268-3A70-4422-9C6C-49E6453D750D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*",
"matchCriteriaId": "9A5960F1-DDA9-4885-952F-450EC00B5C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*",
"matchCriteriaId": "E725D449-BBC2-40E3-BF53-D9BF7B4F57D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*",
"matchCriteriaId": "B10975CB-56EB-44D0-BDEF-60484B6BD85E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE56C0F-0AF4-45CF-ACA2-0E583BBB3187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*",
"matchCriteriaId": "16A4A1AC-ED08-4EFE-A826-1BB1B5CAB34E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*",
"matchCriteriaId": "BF9D7AD6-6BDB-4519-B9F8-3181E21850FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*",
"matchCriteriaId": "B061FF9A-0D00-429D-9B2F-14EEA41E7A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CB0260-2A96-41A8-81A0-8E9722B22D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*",
"matchCriteriaId": "AE037065-9E33-4A5A-8188-1F086D7BE394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*",
"matchCriteriaId": "70200031-5902-416D-A140-DC2CDFDAF683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*",
"matchCriteriaId": "575C5F15-2C16-4B39-A718-1641DDD88F84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*",
"matchCriteriaId": "9E7BFD7E-9B3F-4D63-BEBC-16F22DA6F8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*",
"matchCriteriaId": "42631437-772B-45E0-A1F3-5D9E2FC77D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*",
"matchCriteriaId": "CA9E62EF-E21F-421F-9A57-54A551CEC441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*",
"matchCriteriaId": "871E046E-013A-4E10-9457-4D1F407519EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E4B06F-AD55-4D61-B966-B38B854C0A75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*",
"matchCriteriaId": "19817731-42C2-4745-88F2-D27258FC7DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*",
"matchCriteriaId": "77479EEE-F81B-4653-8FAD-0AFBA3C71B09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*",
"matchCriteriaId": "0208619E-9179-46D9-8E47-6CB5B4046DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*",
"matchCriteriaId": "6FBAE2A2-B7CB-45F6-A84C-5B9B742A0B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC16904-03FC-42B2-89F0-CA0D59A5FB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*",
"matchCriteriaId": "4E3980D1-54F1-4C2F-B140-B2F18D8958A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*",
"matchCriteriaId": "0C845718-520A-42CB-9BA7-00723694A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB7BF51-DD1A-41E1-B5E5-02A6BADC30DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*",
"matchCriteriaId": "431DA557-0977-43C2-8DEF-127B1BAA9F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*",
"matchCriteriaId": "733C0A5D-3A0A-4449-9DE0-BD06D4942799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E5DAD5-465A-4A53-856A-1F674723EB00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.90:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FE37F4-C8E6-42CC-A799-563637F6B85A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.91:*:*:*:*:*:*:*",
"matchCriteriaId": "72F9DD05-E521-45D3-994E-0400DA0070BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value."
},
{
"lang": "es",
"value": "Ntpd en NTP en versiones anteriores a 4.2.8p7 y 4.3.x en versiones anteriores a 4.3.92 permite a los atacantes remotos causar una denegaci\u00f3n de servicio (ntpd abort) por un gran petici\u00f3n de valores de datos, lo que activa la funci\u00f3n ctl_getitem para devolver un valor NULL."
}
],
"id": "CVE-2016-2519",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-30T21:59:01.113",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3008"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/88204"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"source": "cve@mitre.org",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/88204"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-30 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:p6:*:*:*:*:*:*",
"matchCriteriaId": "E2CF4922-E481-4C5B-9A34-F439D9C727FE",
"versionEndIncluding": "4.2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network."
},
{
"lang": "es",
"value": "El protocolo ntpq en NTP en versiones anteriores a 4.2.8p7 permite a los atacantes remotos realizar ataques de repetici\u00f3n para rastrear la red."
}
],
"id": "CVE-2015-8140",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-30T21:59:00.910",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2947"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"source": "cve@mitre.org",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20200204-0003/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2947"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20200204-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-06 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
"matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer-\u003edst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched."
},
{
"lang": "es",
"value": "Un atacante puede suplantar un paquete de un servidor ntpd leg\u00edtimo con una marca de tiempo de origen que coincida con la marca de tiempo peer-\u003edst registrada para ese servidor. Despu\u00e9s de hacer este cambio, el cliente en NTP 4.2.8p4 y versiones anteriores y NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c rechazar\u00e1n todas las futuras respuestas leg\u00edtimas del servidor. Es posible forzar al cliente v\u00edctima a mover el tiempo despu\u00e9s de que el modo haya sido cambiado. ntpq no indica que el modo ha sido cambiado."
}
],
"id": "CVE-2016-1548",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-06T21:59:00.353",
"references": [
{
"source": "cret@cert.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"source": "cret@cert.org",
"url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"source": "cret@cert.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"source": "cret@cert.org",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"source": "cret@cert.org",
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"source": "cret@cert.org",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "cret@cert.org",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/88264"
},
{
"source": "cret@cert.org",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0082/"
},
{
"source": "cret@cert.org",
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"source": "cret@cert.org",
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"source": "cret@cert.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"source": "cret@cert.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"source": "cret@cert.org",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"source": "cret@cert.org",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cret@cert.org",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"source": "cret@cert.org",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"source": "cret@cert.org",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"source": "cret@cert.org",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
},
{
"source": "cret@cert.org",
"url": "https://www.debian.org/security/2016/dsa-3629"
},
{
"source": "cret@cert.org",
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"source": "cret@cert.org",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/88264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0082/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2016/dsa-3629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0082"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-19"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-07 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| ntp | ntp | * | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| netapp | oncommand_balance | - | |
| netapp | oncommand_performance_manager | - | |
| netapp | oncommand_unified_manager | - | |
| netapp | clustered_data_ontap | - | |
| netapp | data_ontap | - | |
| siemens | tim_4r-ie_firmware | * | |
| siemens | tim_4r-ie | - | |
| siemens | tim_4r-ie_dnp3_firmware | * | |
| siemens | tim_4r-ie_dnp3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C240BAAB-8C12-4501-9DC6-FB877304E908",
"versionEndExcluding": "4.2.8",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79494F07-6081-497D-8A2D-B05486599EAE",
"versionEndExcluding": "4.3.77",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "212E1878-1B9A-4CB4-A1CE-EAD60B867161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*",
"matchCriteriaId": "95B173E0-1475-4F8D-A982-86F36BE3DD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FED6CAE-D97F-49E0-9D00-1642A3A427B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*",
"matchCriteriaId": "392A1364-2739-450D-9E19-DFF93081C2C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:tim_4r-ie_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0730ED6-676B-4200-BC07-C0B4531B242C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:tim_4r-ie:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B87B16C-9E9F-448B-9255-B2BB2B8CAD63",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:tim_4r-ie_dnp3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E16E82E3-9A85-41A4-8A33-12AE45A1B584",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:tim_4r-ie_dnp3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE27728D-D37B-43FC-BA8A-0E930DDBD10B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value."
},
{
"lang": "es",
"value": "La funci\u00f3n decodenetnum en ntpd en NTP 4.2.x en versiones anteriores a 4.2.8p4, y 4.3.x en versiones anteriores a 4.3.77 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (fallo de aserci\u00f3n) empleando un paquete en modo 6 o modo 7 que contiene un valor de datos largo."
}
],
"id": "CVE-2015-7855",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-07T20:29:00.950",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2922"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77283"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274264"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/40840/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77283"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/40840/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-07 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| ntp | ntp | * | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| netapp | oncommand_balance | - | |
| netapp | oncommand_performance_manager | - | |
| netapp | oncommand_unified_manager | - | |
| netapp | clustered_data_ontap | - | |
| netapp | data_ontap | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C240BAAB-8C12-4501-9DC6-FB877304E908",
"versionEndExcluding": "4.2.8",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79494F07-6081-497D-8A2D-B05486599EAE",
"versionEndExcluding": "4.3.77",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "212E1878-1B9A-4CB4-A1CE-EAD60B867161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*",
"matchCriteriaId": "95B173E0-1475-4F8D-A982-86F36BE3DD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FED6CAE-D97F-49E0-9D00-1642A3A427B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*",
"matchCriteriaId": "392A1364-2739-450D-9E19-DFF93081C2C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value."
},
{
"lang": "es",
"value": "El par\u00e1metro datalen en el driver reflock en NTP 4.2.x en versiones anteriores a la 4.2.8p4, y 4.3.x en versiones anteriores a la 4.3.77 permite que atacantes remotos ejecuten c\u00f3digo arbitrario o provoquen una denegaci\u00f3n de servicio utilizando un valor de entrada negativo."
}
],
"id": "CVE-2015-7853",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-07T20:29:00.887",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/134082/FreeBSD-Security-Advisory-ntp-Authentication-Bypass.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2920"
},
{
"source": "cve@mitre.org",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/536737/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/536760/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/536796/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/536833/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/archive/1/536737/100/100/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/archive/1/536760/100/100/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/archive/1/536796/100/100/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/archive/1/536833/100/100/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77273"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"source": "cve@mitre.org",
"url": "http://www.talosintel.com/vulnerability-reports/"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2783-1"
},
{
"source": "cve@mitre.org",
"url": "https://bto.bluecoat.com/security-advisory/sa103"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274262"
},
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"source": "cve@mitre.org",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/134082/FreeBSD-Security-Advisory-ntp-Authentication-Bypass.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2920"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/536737/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/536760/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/536796/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/536833/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/archive/1/536737/100/100/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/archive/1/536760/100/100/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/archive/1/536796/100/100/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/archive/1/536833/100/100/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.talosintel.com/vulnerability-reports/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2783-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bto.bluecoat.com/security-advisory/sa103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-05 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| ntp | ntp | * | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| oracle | solaris | 10 | |
| oracle | solaris | 11.3 | |
| suse | manager | 2.1 | |
| suse | manager_proxy | 2.1 | |
| suse | openstack_cloud | 5 | |
| opensuse | leap | 42.1 | |
| opensuse | opensuse | 13.2 | |
| suse | linux_enterprise_desktop | 12 | |
| suse | linux_enterprise_server | 11 | |
| suse | linux_enterprise_server | 11 | |
| suse | linux_enterprise_server | 11 | |
| suse | linux_enterprise_server | 12 | |
| siemens | simatic_net_cp_443-1_opc_ua_firmware | * | |
| siemens | simatic_net_cp_443-1_opc_ua | - | |
| siemens | tim_4r-ie_firmware | * | |
| siemens | tim_4r-ie | - | |
| siemens | tim_4r-ie_dnp3_firmware | * | |
| siemens | tim_4r-ie_dnp3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C240BAAB-8C12-4501-9DC6-FB877304E908",
"versionEndExcluding": "4.2.8",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "863751A2-A97F-47CD-8D57-6D60E6F3593D",
"versionEndExcluding": "4.3.93",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
"matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*",
"matchCriteriaId": "75A9AA28-1B20-44BB-815C-7294A53E910E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
"matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
"matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*",
"matchCriteriaId": "964B57CD-CB8A-4520-B358-1C93EC5EF2DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:suse:manager:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4EEF7C-CC33-4494-8531-7C0CC28A8823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBED083-B935-4C47-BBDA-F39D8EA277ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:suse:openstack_cloud:5:*:*:*:*:*:*:*",
"matchCriteriaId": "BD6136E8-74DE-48AF-A8AB-B0E93D34870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
"matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
"matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
"matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_net_cp_443-1_opc_ua_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22EFD09A-3D77-47B0-93FB-50F6C13A2F9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_net_cp_443-1_opc_ua:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F488810-73E3-4475-975A-C2FCA037E78B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:tim_4r-ie_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0730ED6-676B-4200-BC07-C0B4531B242C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:tim_4r-ie:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B87B16C-9E9F-448B-9255-B2BB2B8CAD63",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:tim_4r-ie_dnp3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E16E82E3-9A85-41A4-8A33-12AE45A1B584",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:tim_4r-ie_dnp3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE27728D-D37B-43FC-BA8A-0E930DDBD10B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time."
},
{
"lang": "es",
"value": "ntpd en NTP 4.x en versiones anteriores a 4.2.8p8 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (desmovilizaci\u00f3n de asociaci\u00f3n ef\u00edmera) mediante el env\u00edo de un paquete crypto-NAK falsificado con datos de autenticaci\u00f3n incorrectos en un momento determinado."
}
],
"id": "CVE-2016-4953",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-05T01:59:00.143",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://bugs.ntp.org/3045"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3045"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"source": "cve@mitre.org",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/321640"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91010"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036037"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"source": "cve@mitre.org",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"source": "cve@mitre.org",
"url": "https://www.kb.cert.org/vuls/id/321640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://bugs.ntp.org/3045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/321640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.kb.cert.org/vuls/id/321640"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-07 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C240BAAB-8C12-4501-9DC6-FB877304E908",
"versionEndExcluding": "4.2.8",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79494F07-6081-497D-8A2D-B05486599EAE",
"versionEndExcluding": "4.3.77",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "212E1878-1B9A-4CB4-A1CE-EAD60B867161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*",
"matchCriteriaId": "95B173E0-1475-4F8D-A982-86F36BE3DD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FED6CAE-D97F-49E0-9D00-1642A3A427B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*",
"matchCriteriaId": "392A1364-2739-450D-9E19-DFF93081C2C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "16E6D998-B41D-4B49-9E00-8336D2E40A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "45010D45-2FF2-4B04-B115-6B6FE606D598",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C18E3368-8980-45D2-AD3F-5BF385ABA693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6C81647C-9A53-481D-A54C-36770A093F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8CD4EF-DC90-40BB-A721-6EC087507906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "21690BAC-2129-4A33-9B48-1F3BF30072A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "835AE071-CEAE-49E5-8F0C-E5F50FB85EFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "13E02156-E748-4820-B76F-7074793837E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:enterprise_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E05BFFB-218A-4B91-880F-F7F321485153",
"versionEndExcluding": "10.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mcafee:enterprise_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5995933D-6186-46E1-9835-1760CEA6389D",
"versionEndExcluding": "11.2.0",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5FCF191B-971A-4945-AB14-08091689BE2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenserver:6.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F31DB577-72CD-49CC-8AF5-23098503939E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenserver:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "3CC06F6C-6C15-444F-B159-235D347E5929",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "405F950F-0772-41A3-8B72-B67151CC1376",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted \"KOD\" messages."
},
{
"lang": "es",
"value": "El cliente ntpd en NTP 4.x en versiones anteriores a 4.2.8p4, y 4.3.x en versiones anteriores a 4.3.77 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio empleando una serie de mensajes \"KOD\" manipulados."
}
],
"id": "CVE-2015-7704",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-07T20:29:00.683",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2901"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1930.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2520.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2901"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_4_2_8p4_Securit"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77280"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271070"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://eprint.iacr.org/2015/1020.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.citrix.com/article/CTX220112"
},
{
"source": "cve@mitre.org",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1930.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2520.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_4_2_8p4_Securit"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77280"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://eprint.iacr.org/2015/1020.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.citrix.com/article/CTX220112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-30 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB90A3FB-B107-46CF-A846-48EE0EDF637A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:p5:*:*:*:*:*:*",
"matchCriteriaId": "99442254-E77A-43F7-8A9B-FC918AC336A6",
"versionEndIncluding": "4.2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B23D9009-DF45-44C1-80DF-CEEC9B9E3F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43921601-667E-4415-83BE-E5B39D969BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75DD9C02-0C46-4785-8D77-C5465E4ED967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A497BADE-0516-494F-89FA-EAFC6AD17F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4298439A-EAF2-4CAA-990B-4AA37E7A0E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "30E9C822-C04A-4908-9596-76F9FB561206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "842963D1-C78C-48B5-A8D2-BC018854E5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "121ED6C5-8985-4DEF-9040-2AC63582E596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "68499DA4-64EF-412F-A434-8E0F78D77CE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "836C5AC9-463F-4703-81B9-7B5484F47A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FED14811-8F49-4796-BADD-DB7973EC32DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D4EB2830-ADE5-4C87-964E-16748BF88EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8C0284FD-2933-4160-80D2-53B32CD73287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D9AB963A-7284-433F-9890-5AE402E4E000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "EEDEFF7A-D964-4D9A-93BF-41E9D16EA793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9C434153-911C-4F07-ADD0-0EAB47F96E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8183B043-8B96-4A8B-A5C9-544D4F1CED8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE349AB-44CB-4263-80CE-59DFD572B363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB55DF6-567F-4B6A-81E1-9013914416D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "80727B0B-AB5E-46CC-9DDF-F319C2D9B242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "E0755962-2D5F-41E6-9BDB-C2ECBCCD2818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBAADB5-FA32-4CF9-A4B2-51EEA300B0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A202FDAD-D757-4850-9D1E-C31B0F3BA718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A345D7-DFC0-4E0D-AAAB-8206C35F63D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*",
"matchCriteriaId": "C4069EF5-DC7D-4487-8636-AC2EAB17BAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*",
"matchCriteriaId": "73DF3A5C-F1D9-468E-BD08-5E2578898DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*",
"matchCriteriaId": "0858AE44-4B0A-4941-B4A8-937B557D1448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*",
"matchCriteriaId": "979C84FF-CB21-4819-B3CA-1A55FDF20BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*",
"matchCriteriaId": "94709B39-C394-4B44-A362-9429F4CB9D50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2E4526AC-6BCC-43A5-B501-263D0ED0655B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*",
"matchCriteriaId": "E04FF6B4-CD1C-4AC1-B286-D6AB705D680B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAFA0C8-1349-43A4-BDAC-3B5A601B9FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA130B1-DD20-4E98-963F-61E85A09E29E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*",
"matchCriteriaId": "9AAC9B73-5020-47C9-803E-ABB6162AADE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A6B7B5-3AC9-4442-BD91-3783C2B4235C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*",
"matchCriteriaId": "D72F5C09-520B-486C-AD9A-9CBBFE6487CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*",
"matchCriteriaId": "097DED37-D3F3-45C4-B131-1C4294406722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*",
"matchCriteriaId": "85A4F607-0A9D-4F84-B50D-28C54E6EDC06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*",
"matchCriteriaId": "8C689CAF-632A-4FF2-8C86-541EEDD574E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*",
"matchCriteriaId": "7B0ACF5B-BBA9-4B6C-B19D-B8AEF7212781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*",
"matchCriteriaId": "E09C8254-73DC-4AFA-A250-A8192DC917F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*",
"matchCriteriaId": "D344FA12-3C5F-418B-9209-EA8BDD230074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*",
"matchCriteriaId": "D1C3A62A-C6F6-4B2E-A254-CDA12BD34DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*",
"matchCriteriaId": "073A0AFF-C5C6-422E-BD63-2353AA4B58E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*",
"matchCriteriaId": "59B5DA29-4139-405D-8AA8-23FAECBBC5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*",
"matchCriteriaId": "73F4D15D-6D2A-4730-B7CF-21284E92FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*",
"matchCriteriaId": "79A0C6AB-813F-4417-A98E-33FBB7AAB939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "815ABF0E-ED94-4426-8889-D3C2AECACC26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*",
"matchCriteriaId": "894612F1-8C51-4F66-AFE7-D8077F63E562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*",
"matchCriteriaId": "63FD3D1E-08F8-4C7F-876C-47E88386B83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*",
"matchCriteriaId": "9C068E27-A3DD-4FD2-81FB-2CFEC3C047CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*",
"matchCriteriaId": "E21A12E6-0802-4BDC-AF71-50D7D0433B87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7EE44A-7D8B-41A5-82A6-04AEE50278CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*",
"matchCriteriaId": "6862529A-1AE5-4E2D-A4B0-E351D1900C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*",
"matchCriteriaId": "4C6B6711-0F75-4FEA-8917-04391FC9D378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC0249C-3CFC-4CD3-9481-9F6BE1FC5E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE639D9-0B1E-4DFB-B275-D11665FDA4AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*",
"matchCriteriaId": "B35E9C41-0F2A-4790-B996-8EC00FA863F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*",
"matchCriteriaId": "28BAB268-3A70-4422-9C6C-49E6453D750D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*",
"matchCriteriaId": "9A5960F1-DDA9-4885-952F-450EC00B5C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*",
"matchCriteriaId": "E725D449-BBC2-40E3-BF53-D9BF7B4F57D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*",
"matchCriteriaId": "B10975CB-56EB-44D0-BDEF-60484B6BD85E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE56C0F-0AF4-45CF-ACA2-0E583BBB3187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*",
"matchCriteriaId": "16A4A1AC-ED08-4EFE-A826-1BB1B5CAB34E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*",
"matchCriteriaId": "BF9D7AD6-6BDB-4519-B9F8-3181E21850FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*",
"matchCriteriaId": "B061FF9A-0D00-429D-9B2F-14EEA41E7A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CB0260-2A96-41A8-81A0-8E9722B22D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*",
"matchCriteriaId": "AE037065-9E33-4A5A-8188-1F086D7BE394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*",
"matchCriteriaId": "70200031-5902-416D-A140-DC2CDFDAF683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*",
"matchCriteriaId": "575C5F15-2C16-4B39-A718-1641DDD88F84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*",
"matchCriteriaId": "9E7BFD7E-9B3F-4D63-BEBC-16F22DA6F8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*",
"matchCriteriaId": "42631437-772B-45E0-A1F3-5D9E2FC77D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*",
"matchCriteriaId": "CA9E62EF-E21F-421F-9A57-54A551CEC441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*",
"matchCriteriaId": "871E046E-013A-4E10-9457-4D1F407519EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E4B06F-AD55-4D61-B966-B38B854C0A75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*",
"matchCriteriaId": "19817731-42C2-4745-88F2-D27258FC7DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*",
"matchCriteriaId": "77479EEE-F81B-4653-8FAD-0AFBA3C71B09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*",
"matchCriteriaId": "0208619E-9179-46D9-8E47-6CB5B4046DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*",
"matchCriteriaId": "6FBAE2A2-B7CB-45F6-A84C-5B9B742A0B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC16904-03FC-42B2-89F0-CA0D59A5FB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*",
"matchCriteriaId": "4E3980D1-54F1-4C2F-B140-B2F18D8958A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*",
"matchCriteriaId": "0C845718-520A-42CB-9BA7-00723694A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB7BF51-DD1A-41E1-B5E5-02A6BADC30DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*",
"matchCriteriaId": "431DA557-0977-43C2-8DEF-127B1BAA9F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*",
"matchCriteriaId": "733C0A5D-3A0A-4449-9DE0-BD06D4942799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E5DAD5-465A-4A53-856A-1F674723EB00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D5900A25-FDD7-4900-BF7C-F3ECCB714D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "58D3B6FD-B474-4B09-B644-A8634A629280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*",
"matchCriteriaId": "F892F1B0-514C-42F7-90AE-12ACDFDC1033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:suse:manager:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4EEF7C-CC33-4494-8531-7C0CC28A8823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBED083-B935-4C47-BBDA-F39D8EA277ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_openstack_cloud:5:*:*:*:*:*:*:*",
"matchCriteriaId": "74268F7D-058C-4E84-9D7E-3853A95918BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*",
"matchCriteriaId": "F1EB0F28-F23A-4969-8A3E-66DA2EFA40C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*",
"matchCriteriaId": "35BBD83D-BDC7-4678-BE94-639F59281139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
"matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
"matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
"matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*",
"matchCriteriaId": "9C649194-B8C2-49F7-A819-C635EE584ABF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename."
},
{
"lang": "es",
"value": "El comando savconfig ntpq en NTP 4.1.2, 4.2.x en versiones anteriores a 4.2.8p6, 4.3, 4.3.25, 4.3.70 y 4.3.77 no filtra adecuadamente caracteres especiales, lo que permite a atacantes causar un impacto no especificado a trav\u00e9s de un nombre de archivo manipulado."
}
],
"id": "CVE-2015-7976",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-30T21:59:00.330",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2938"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"source": "cve@mitre.org",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2938"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-254"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-28 17:15
Modified
2024-11-21 02:37
Severity ?
Summary
Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://support.ntp.org/bin/view/Main/NtpBug2918 | Vendor Advisory | |
| cve@mitre.org | http://support.ntp.org/bin/view/Main/SecurityNotice | Release Notes, Vendor Advisory | |
| cve@mitre.org | http://www.talosintel.com/reports/TALOS-2015-0062/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.ntp.org/bin/view/Main/NtpBug2918 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.ntp.org/bin/view/Main/SecurityNotice | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.talosintel.com/reports/TALOS-2015-0062/ | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C240BAAB-8C12-4501-9DC6-FB877304E908",
"versionEndExcluding": "4.2.8",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79494F07-6081-497D-8A2D-B05486599EAE",
"versionEndExcluding": "4.3.77",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use \u0027\\\u0027 or \u0027/\u0027 characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files."
},
{
"lang": "es",
"value": "La vulnerabilidad salto de directorio en la funci\u00f3n save_config en ntpd en el archivo ntp_control.c en NTP versiones anteriores a 4.2.8p4, cuando es usado en sistemas que no utilizan caracteres \"\\\" o \u0027\"/\" para la separaci\u00f3n de directorios como OpenVMS, permite a usuarios autenticados remotos sobrescribir archivos arbitrarios."
}
],
"id": "CVE-2015-7851",
"lastModified": "2024-11-21T02:37:31.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-28T17:15:12.053",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2918"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.talosintel.com/reports/TALOS-2015-0062/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.talosintel.com/reports/TALOS-2015-0062/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-06 19:15
Modified
2024-11-21 04:14
Severity ?
Summary
ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker's behalf and send them to the attacker.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*",
"matchCriteriaId": "0BC62D4E-D519-458C-BE4E-10DDB73A97D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p11:*:*:*:*:*:*",
"matchCriteriaId": "1C420117-862A-41A9-BAE8-8B3478FAEBC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p12:*:*:*:*:*:*",
"matchCriteriaId": "4A484251-3220-498C-83FE-A04B013A31A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p13:*:*:*:*:*:*",
"matchCriteriaId": "E0CE4157-852B-42ED-A77C-8A17B189432E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker\u0027s behalf and send them to the attacker."
},
{
"lang": "es",
"value": "ntpd en ntp versiones 4.2.8p10, 4.2.8p11, 4.2.8p12 y 4.2.8p13, permiten a atacantes remotos impedir que un cliente de multidifusi\u00f3n sincronice su reloj con un servidor NTP de multidifusi\u00f3n por medio de paquetes de modo 3 y modo 5 suplantados. El atacante debe ser parte de la misma red de multidifusi\u00f3n o controlar un esclavo en esa red de multidifusi\u00f3n que puede capturar determinados paquetes requeridos en nombre del atacante y enviarlos luego al atacante."
}
],
"id": "CVE-2018-8956",
"lastModified": "2024-11-21T04:14:40.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-06T19:15:12.410",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ntp.org/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://arxiv.org/abs/2005.01783"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://nikhiltripathi.in/NTP_attack.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20200518-0006/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.ietf.org/html/rfc5905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ntp.org/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://arxiv.org/abs/2005.01783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://nikhiltripathi.in/NTP_attack.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20200518-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.ietf.org/html/rfc5905"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-04 13:15
Modified
2025-05-05 17:15
Severity ?
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Summary
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CED3C1F7-6FFA-44D1-BC56-2BB1963F3B9F",
"versionEndExcluding": "4.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB8D7864-41B0-443E-96CF-B011B95223F0",
"versionEndExcluding": "4.3.100",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*",
"matchCriteriaId": "0BC62D4E-D519-458C-BE4E-10DDB73A97D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p11:*:*:*:*:*:*",
"matchCriteriaId": "1C420117-862A-41A9-BAE8-8B3478FAEBC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p12:*:*:*:*:*:*",
"matchCriteriaId": "4A484251-3220-498C-83FE-A04B013A31A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p13:*:*:*:*:*:*",
"matchCriteriaId": "E0CE4157-852B-42ED-A77C-8A17B189432E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
"matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*",
"matchCriteriaId": "75A9AA28-1B20-44BB-815C-7294A53E910E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
"matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
"matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*",
"matchCriteriaId": "F12E4CF5-536C-416B-AD8D-6AE7CBE22C71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*",
"matchCriteriaId": "EE002C76-406D-4F22-B738-E17BDEA70BCC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*",
"matchCriteriaId": "6C2ACC32-5147-4EA5-95BE-B6B4EAB3D82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "CBCC384C-5DF0-41AB-B17B-6E9B6CAE8065",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F921BC85-568E-4B69-A3CD-CF75C76672F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E63B7B2-409A-476E-BA12-2A2D2F3B85DE",
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB5D4C9-DA14-4188-9181-17336F9445F6",
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B65E2F3-57EC-46C0-BB4A-0A0F3F8D387E",
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90B7CFBF-761C-4EAA-A322-EF5E294AADED",
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48B28ABF-7E1A-4A1E-8F78-0D95D7BDF886",
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E74AAF52-1388-4BD9-B17B-3A6A32CA3608",
"versionEndExcluding": "xcp2410",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC0460E-4695-44FB-99EE-28B2C957B760",
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD54A092-85A7-4459-9C69-19E6E24AC24B",
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F813DBC-BA1E-4C73-AA11-1BD3F9508372",
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFDF4F39-1C6C-4AD3-99CF-BD5B44B8C71B",
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "416B805F-799A-4466-AC5A-93D083A2ABBD",
"versionEndExcluding": "xcp3110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim\u0027s ntpd instance."
},
{
"lang": "es",
"value": "ntpd en ntp versiones anteriores a 4.2.8p14 y versiones 4.3.x versiones anteriores a 4.3.100, permite a atacantes remotos causar una denegaci\u00f3n de servicio (salida del demonio o cambio de hora del sistema) mediante la predicci\u00f3n de las marcas de tiempo de transmisi\u00f3n para su uso en paquetes falsificados. La v\u00edctima debe confiar en fuentes de tiempo IPv4 no autenticadas. Debe haber un atacante fuera de la ruta que pueda consultar el tiempo desde la instancia ntpd de la v\u00edctima"
}
],
"id": "CVE-2020-13817",
"lastModified": "2025-05-05T17:15:59.030",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "cve@mitre.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2020-06-04T13:15:11.053",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3596"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.ntp.org/show_bug.cgi?id=3596"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-12"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200625-0004/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.ntp.org/show_bug.cgi?id=3596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200625-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-01-02 14:59
Modified
2025-04-11 00:51
Severity ?
Summary
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opensuse | opensuse | 11.4 | |
| ntp | ntp | * | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| oracle | linux | 6 | |
| oracle | linux | 7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC55810-13AD-49D2-AFE5-A95F00824915",
"versionEndExcluding": "4.2.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:-:*:*:*:*:*:*",
"matchCriteriaId": "8CAC15F6-514F-4BED-A2A5-E89F4349D8AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p0:*:*:*:*:*:*",
"matchCriteriaId": "B481C553-B73E-4DA2-9D5E-3774FF846590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p1:*:*:*:*:*:*",
"matchCriteriaId": "2AFDFCA1-0D59-4973-ACFE-CB75BD934154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p10:*:*:*:*:*:*",
"matchCriteriaId": "A04F57D2-2D27-4FBF-8530-2AC3FB744E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p11:*:*:*:*:*:*",
"matchCriteriaId": "518C32C8-0558-46A1-8532-90DBA1616221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p12:*:*:*:*:*:*",
"matchCriteriaId": "7E43BA6C-4FAE-4B96-90D3-E212BD21233D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p13:*:*:*:*:*:*",
"matchCriteriaId": "2D4E0EEC-92AD-43B2-8539-921AAA0BAF8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p14:*:*:*:*:*:*",
"matchCriteriaId": "5EC4F7DB-7769-4F81-B301-C973D0EB2E01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p15:*:*:*:*:*:*",
"matchCriteriaId": "3862A517-5302-4CC5-A553-E8ED8F408984",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p16:*:*:*:*:*:*",
"matchCriteriaId": "5E23550B-55D9-4D2A-868C-1F2E5833FFD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p17:*:*:*:*:*:*",
"matchCriteriaId": "703DD909-3E63-46AF-BDBD-DB99035D17C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p18:*:*:*:*:*:*",
"matchCriteriaId": "9307FD4B-AF64-476B-A238-1C8C9E8D7938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p19:*:*:*:*:*:*",
"matchCriteriaId": "19D2387E-78A0-42BD-B33E-5CE2858888DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p2:*:*:*:*:*:*",
"matchCriteriaId": "EF76B320-FE22-4528-9189-982909B67EA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p20:*:*:*:*:*:*",
"matchCriteriaId": "4212F77B-AD87-47CE-972E-ADDF3E0A855C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p21:*:*:*:*:*:*",
"matchCriteriaId": "26DC7E1A-9F45-4F71-8EBE-8C4811757511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p22:*:*:*:*:*:*",
"matchCriteriaId": "93AEBFB8-C063-4862-ADA5-32C8AD6A215D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p23:*:*:*:*:*:*",
"matchCriteriaId": "AD38DF5B-0FE3-46B0-9313-0BEDB2FB85BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p24:*:*:*:*:*:*",
"matchCriteriaId": "19B1C33A-80DD-4942-81A3-5A91B77B902D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p25:*:*:*:*:*:*",
"matchCriteriaId": "FE315238-7191-4A2E-A3C6-2162BE589C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p3:*:*:*:*:*:*",
"matchCriteriaId": "5453B367-AF6E-49F1-A448-EEC9BD30F774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p4:*:*:*:*:*:*",
"matchCriteriaId": "E0040B79-5D07-4BEA-8861-8D827FB31735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p5:*:*:*:*:*:*",
"matchCriteriaId": "D00C1A08-1AFF-4AED-9F32-6F7400E24427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p6:*:*:*:*:*:*",
"matchCriteriaId": "6478C98A-FC07-457D-996D-53B9361B52D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p7:*:*:*:*:*:*",
"matchCriteriaId": "C1D01BD4-27BF-49BD-9305-F26E0EC778AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p8:*:*:*:*:*:*",
"matchCriteriaId": "F4E82220-4E07-41B0-952A-9C0CC0973D60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p9:*:*:*:*:*:*",
"matchCriteriaId": "38F02F01-569A-445D-A954-D9369E0B8850",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
"matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*",
"matchCriteriaId": "44B8FEDF-6CB0-46E9-9AD7-4445B001C158",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013."
},
{
"lang": "es",
"value": "La caracter\u00edstica monlist en ntp_request.c en ntpd en NTP antes 4.2.7p26 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (amplificaci\u00f3n de tr\u00e1fico) a trav\u00e9s de solicitudes (1) REQ_MON_GETLIST o (2) solicitudes REQ_MON_GETLIST_1, como han sido explotados en diciembre de 2013."
}
],
"id": "CVE-2013-5211",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-01-02T14:59:03.470",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=1532"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.ntp.org/pipermail/pool/2011-December/005616.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://openwall.com/lists/oss-security/2013/12/30/6"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "http://openwall.com/lists/oss-security/2013/12/30/7"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/59288"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/59726"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/348126"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/64692"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1030433"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA14-013A"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=1532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.ntp.org/pipermail/pool/2011-December/005616.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://openwall.com/lists/oss-security/2013/12/30/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://openwall.com/lists/oss-security/2013/12/30/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/59288"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/59726"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/348126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/64692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1030433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA14-013A"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-08 01:15
Modified
2024-11-21 02:11
Severity ?
Summary
An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p25:*:*:*:*:*:*",
"matchCriteriaId": "FE315238-7191-4A2E-A3C6-2162BE589C78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40267CF4-9AC8-48ED-9DD4-7F947045AE9C",
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "699BDE7D-B02D-41A8-BD2C-936B54107616",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17D2F203-B830-42E5-AE54-17453F72A45D",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1331467F-B278-485E-AD91-7D0643C2F3DB",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEBAD7C4-AC37-463F-B63C-6EAD5542F2A0",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB630A86-FB84-4199-9E4D-38EB620806CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C046FBE7-DCCD-40FE-AC1F-4DAD11D2E0AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E695F85-F170-4FD4-819E-7DAF31662BF4",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD67D31-7FB8-4A3F-915D-385617E21428",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E866C4E5-D739-4352-9B6D-9753B4C78A24",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "720A06E3-441B-4D51-8FC0-D569DD7FEB10",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6FF1C75A-F753-40CB-9E26-DA6D31931DDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C7CC5A1-6E7B-48BE-9E0A-0D1E51FCEA3D",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2620230F-1D8D-423D-953E-9EEF934C56DD",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42D16634-442B-4674-B11E-6748D28764BD",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "713EB3E7-A657-4F6A-901D-618AF660CBBC",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "867B2CA9-DAE5-4070-B8E6-F624C59F5054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EACA0835-51AD-4AC0-8C87-5564F3A821CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55C26031-A354-4E19-A1C3-415336B2E7C5",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B9AF8FC-B730-428D-B317-86ABEF924299",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D91EC11-DD9A-434B-9EB4-14AA0E977D8D",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2833083-97E9-4B3C-8E6B-BCAC1851D148",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C7C45A-CC14-4092-903C-3001986D2859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC01B17-9BC3-425F-8187-5AE7B0AAC227",
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DD8FE5B-DA42-41F3-AF57-2DB6C0C70661",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "283155E5-EEAB-4E05-A0E7-B9C5077A5029",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E697E4FD-1882-4BF8-9B9F-FB7DFD19497B",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6434ED4F-0BA2-445A-B6E9-D3E301EE3930",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A635FEC4-4F52-4971-A67D-47E68108E4F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2A9F32-FF72-44AA-AA1A-5B09E8E57E24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E90D8985-EDE3-4613-9B4A-E3929D1D3721",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "394DF290-9328-4FAD-B04E-61F62B916148",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC2164D-11D0-4DCD-B814-6AB185C3BADF",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA4AE425-1D86-4DB9-8B8F-74C6678BD528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8F3686-2C9F-4EB1-973D-FBBC6401744F",
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3136A8D1-3D0D-46B3-9A3A-737074864F1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94BB8ADB-C47F-451D-8431-BAE51137C0D8",
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1456F84-12B3-462C-A007-262680AA114B",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "84452450-77FA-4708-9C86-5464D541C8ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68FBFE46-BCFB-4337-8990-9E92C5C0647E",
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9071FCDD-36CE-49F2-9CB1-4495BF852F5B",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72ED4B6A-EC5B-400E-88B7-6C986FC5BC4F",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68E2840B-96F4-4437-91D1-4AFE99E54D6A",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09C950E6-BF12-43D4-9125-AD9D90EDD67A",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD53088-3BD4-4AF9-8934-4905231A75E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A99DC2F-BFC7-4FEA-87DF-5E9DF428F2D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC944480-C2AD-4338-871D-02DE26B3E80A",
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "534529CB-53EF-4ABB-A220-6B42DB5A69DC",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A2670B3-1A96-4E72-A316-0AF826E8EC8B",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B83479FA-82FB-4F71-9B98-E683745DB49E",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D17CC587-3325-4D95-BE63-B948C63B411D",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9EA336A-8055-4DA8-8F79-07C4ADE83E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB6D7D8-2688-48A2-8E3E-341881EF0B4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A75EC568-E2B5-4F4E-AECC-44EA39A7EA21",
"versionEndIncluding": "11.6.4",
"versionStartIncluding": "11.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37257612-FAA4-4004-A4D3-4624F06F0615",
"versionEndIncluding": "12.1.4",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15F4D416-10F4-4C08-A25D-0795F7FE0FBE",
"versionEndIncluding": "13.1.1",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9AD3B4BB-7F5C-4565-9345-2D4895630AAD",
"versionEndIncluding": "14.1.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B872A0D5-9B23-40F2-8AAB-253A4F406D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C31E9AFD-27D1-47C4-A577-20BF6B42A1CA",
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "041CE71A-50D1-44E6-B683-CD7F89C51893",
"versionEndIncluding": "11.4.1",
"versionStartIncluding": "11.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B84923CD-9BC8-4241-82A3-5848333FFEB7",
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FBA20ED-08F5-4C35-991A-0DBC6BEAECC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A35703D-1BE0-459B-BDF0-08FB7C36A17E",
"versionEndIncluding": "10.2.4",
"versionStartIncluding": "10.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FF7FCC81-2F1D-4EF5-956B-085FB7FEFAE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-iq_adc:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9768142-C554-44DE-B8D5-45CB51E3C34C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "559900D6-7E43-4D2F-9167-BDB04DD5D0DB",
"versionEndIncluding": "5.4.0",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F37D18F2-8C6A-4557-85DC-2A751595423C",
"versionEndIncluding": "6.1.0",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24AEF0B2-7C8C-432C-A840-C2441A70343F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-iq_cloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C8BF865-BA45-4711-829F-EC8E5EA22D2F",
"versionEndIncluding": "4.5.0",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-iq_cloud_and_orchestration:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E21D6206-4716-47FE-A733-F18343656E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-iq_device:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC0EAFD-DA5E-4A1B-81CB-0D5A964F9EB6",
"versionEndIncluding": "4.5.0",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-iq_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B3E56EB-202A-4F58-8E94-B2DDA1693498",
"versionEndIncluding": "4.5.0",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:enterprise_manager:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F5FEE7-059A-4A9B-BCCD-18F0AA435040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:iworkflow:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8FD83CC2-44E9-43F2-A9EF-E6A0C9C6E261",
"versionEndIncluding": "2.3.0",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:mobilesafe:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA70E87-466F-4B68-BFA1-C33FCEEE9FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:websafe:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AE8D2705-DD84-4F26-94E1-4E6644556A98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Divulgaci\u00f3n de Informaci\u00f3n en los mensajes privados (modo 6/7) de NTP versi\u00f3n 4.2.7p25 por medio de un mensaje de control GET_RESTRICT, que podr\u00eda permitir a un usuario malicioso obtener informaci\u00f3n confidencial."
}
],
"id": "CVE-2014-5209",
"lastModified": "2024-11-21T02:11:37.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-08T01:15:09.547",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841"
},
{
"source": "cret@cert.org",
"url": "https://support.f5.com/csp/article/K44942017"
},
{
"source": "cret@cert.org",
"url": "https://support.f5.com/csp/article/K44942017"
},
{
"source": "cret@cert.org",
"url": "https://support.f5.com/csp/article/K44942017?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K44942017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K44942017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K44942017?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-30 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| ntp | ntp | 4.3.0 | |
| ntp | ntp | 4.3.1 | |
| ntp | ntp | 4.3.2 | |
| ntp | ntp | 4.3.3 | |
| ntp | ntp | 4.3.4 | |
| ntp | ntp | 4.3.5 | |
| ntp | ntp | 4.3.6 | |
| ntp | ntp | 4.3.7 | |
| ntp | ntp | 4.3.8 | |
| ntp | ntp | 4.3.9 | |
| ntp | ntp | 4.3.10 | |
| ntp | ntp | 4.3.11 | |
| ntp | ntp | 4.3.12 | |
| ntp | ntp | 4.3.13 | |
| ntp | ntp | 4.3.14 | |
| ntp | ntp | 4.3.15 | |
| ntp | ntp | 4.3.16 | |
| ntp | ntp | 4.3.17 | |
| ntp | ntp | 4.3.18 | |
| ntp | ntp | 4.3.19 | |
| ntp | ntp | 4.3.20 | |
| ntp | ntp | 4.3.21 | |
| ntp | ntp | 4.3.22 | |
| ntp | ntp | 4.3.23 | |
| ntp | ntp | 4.3.24 | |
| ntp | ntp | 4.3.25 | |
| ntp | ntp | 4.3.26 | |
| ntp | ntp | 4.3.27 | |
| ntp | ntp | 4.3.28 | |
| ntp | ntp | 4.3.29 | |
| ntp | ntp | 4.3.30 | |
| ntp | ntp | 4.3.31 | |
| ntp | ntp | 4.3.32 | |
| ntp | ntp | 4.3.33 | |
| ntp | ntp | 4.3.34 | |
| ntp | ntp | 4.3.35 | |
| ntp | ntp | 4.3.36 | |
| ntp | ntp | 4.3.37 | |
| ntp | ntp | 4.3.38 | |
| ntp | ntp | 4.3.39 | |
| ntp | ntp | 4.3.40 | |
| ntp | ntp | 4.3.41 | |
| ntp | ntp | 4.3.42 | |
| ntp | ntp | 4.3.43 | |
| ntp | ntp | 4.3.44 | |
| ntp | ntp | 4.3.45 | |
| ntp | ntp | 4.3.46 | |
| ntp | ntp | 4.3.47 | |
| ntp | ntp | 4.3.48 | |
| ntp | ntp | 4.3.49 | |
| ntp | ntp | 4.3.50 | |
| ntp | ntp | 4.3.51 | |
| ntp | ntp | 4.3.52 | |
| ntp | ntp | 4.3.53 | |
| ntp | ntp | 4.3.54 | |
| ntp | ntp | 4.3.55 | |
| ntp | ntp | 4.3.56 | |
| ntp | ntp | 4.3.57 | |
| ntp | ntp | 4.3.58 | |
| ntp | ntp | 4.3.59 | |
| ntp | ntp | 4.3.60 | |
| ntp | ntp | 4.3.61 | |
| ntp | ntp | 4.3.62 | |
| ntp | ntp | 4.3.63 | |
| ntp | ntp | 4.3.64 | |
| ntp | ntp | 4.3.65 | |
| ntp | ntp | 4.3.66 | |
| ntp | ntp | 4.3.67 | |
| ntp | ntp | 4.3.68 | |
| ntp | ntp | 4.3.69 | |
| ntp | ntp | 4.3.70 | |
| ntp | ntp | 4.3.71 | |
| ntp | ntp | 4.3.72 | |
| ntp | ntp | 4.3.73 | |
| ntp | ntp | 4.3.74 | |
| ntp | ntp | 4.3.75 | |
| ntp | ntp | 4.3.76 | |
| ntp | ntp | 4.3.77 | |
| ntp | ntp | 4.3.78 | |
| ntp | ntp | 4.3.79 | |
| ntp | ntp | 4.3.80 | |
| ntp | ntp | 4.3.81 | |
| ntp | ntp | 4.3.82 | |
| ntp | ntp | 4.3.83 | |
| ntp | ntp | 4.3.84 | |
| ntp | ntp | 4.3.85 | |
| ntp | ntp | 4.3.86 | |
| ntp | ntp | 4.3.87 | |
| ntp | ntp | 4.3.88 | |
| ntp | ntp | 4.3.89 | |
| ntp | ntp | 4.3.90 | |
| ntp | ntp | 4.3.91 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:p6:*:*:*:*:*:*",
"matchCriteriaId": "E2CF4922-E481-4C5B-9A34-F439D9C727FE",
"versionEndIncluding": "4.2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B23D9009-DF45-44C1-80DF-CEEC9B9E3F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43921601-667E-4415-83BE-E5B39D969BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75DD9C02-0C46-4785-8D77-C5465E4ED967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A497BADE-0516-494F-89FA-EAFC6AD17F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4298439A-EAF2-4CAA-990B-4AA37E7A0E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "30E9C822-C04A-4908-9596-76F9FB561206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "842963D1-C78C-48B5-A8D2-BC018854E5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "121ED6C5-8985-4DEF-9040-2AC63582E596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "68499DA4-64EF-412F-A434-8E0F78D77CE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "836C5AC9-463F-4703-81B9-7B5484F47A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FED14811-8F49-4796-BADD-DB7973EC32DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D4EB2830-ADE5-4C87-964E-16748BF88EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8C0284FD-2933-4160-80D2-53B32CD73287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D9AB963A-7284-433F-9890-5AE402E4E000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "EEDEFF7A-D964-4D9A-93BF-41E9D16EA793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9C434153-911C-4F07-ADD0-0EAB47F96E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8183B043-8B96-4A8B-A5C9-544D4F1CED8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE349AB-44CB-4263-80CE-59DFD572B363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB55DF6-567F-4B6A-81E1-9013914416D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "80727B0B-AB5E-46CC-9DDF-F319C2D9B242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "E0755962-2D5F-41E6-9BDB-C2ECBCCD2818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBAADB5-FA32-4CF9-A4B2-51EEA300B0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A202FDAD-D757-4850-9D1E-C31B0F3BA718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A345D7-DFC0-4E0D-AAAB-8206C35F63D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*",
"matchCriteriaId": "C4069EF5-DC7D-4487-8636-AC2EAB17BAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*",
"matchCriteriaId": "73DF3A5C-F1D9-468E-BD08-5E2578898DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*",
"matchCriteriaId": "0858AE44-4B0A-4941-B4A8-937B557D1448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*",
"matchCriteriaId": "979C84FF-CB21-4819-B3CA-1A55FDF20BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*",
"matchCriteriaId": "94709B39-C394-4B44-A362-9429F4CB9D50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2E4526AC-6BCC-43A5-B501-263D0ED0655B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*",
"matchCriteriaId": "E04FF6B4-CD1C-4AC1-B286-D6AB705D680B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAFA0C8-1349-43A4-BDAC-3B5A601B9FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA130B1-DD20-4E98-963F-61E85A09E29E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*",
"matchCriteriaId": "9AAC9B73-5020-47C9-803E-ABB6162AADE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A6B7B5-3AC9-4442-BD91-3783C2B4235C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*",
"matchCriteriaId": "D72F5C09-520B-486C-AD9A-9CBBFE6487CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*",
"matchCriteriaId": "097DED37-D3F3-45C4-B131-1C4294406722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*",
"matchCriteriaId": "85A4F607-0A9D-4F84-B50D-28C54E6EDC06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*",
"matchCriteriaId": "8C689CAF-632A-4FF2-8C86-541EEDD574E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*",
"matchCriteriaId": "7B0ACF5B-BBA9-4B6C-B19D-B8AEF7212781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*",
"matchCriteriaId": "E09C8254-73DC-4AFA-A250-A8192DC917F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*",
"matchCriteriaId": "D344FA12-3C5F-418B-9209-EA8BDD230074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*",
"matchCriteriaId": "D1C3A62A-C6F6-4B2E-A254-CDA12BD34DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*",
"matchCriteriaId": "073A0AFF-C5C6-422E-BD63-2353AA4B58E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*",
"matchCriteriaId": "59B5DA29-4139-405D-8AA8-23FAECBBC5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*",
"matchCriteriaId": "73F4D15D-6D2A-4730-B7CF-21284E92FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*",
"matchCriteriaId": "79A0C6AB-813F-4417-A98E-33FBB7AAB939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "815ABF0E-ED94-4426-8889-D3C2AECACC26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*",
"matchCriteriaId": "894612F1-8C51-4F66-AFE7-D8077F63E562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*",
"matchCriteriaId": "63FD3D1E-08F8-4C7F-876C-47E88386B83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*",
"matchCriteriaId": "9C068E27-A3DD-4FD2-81FB-2CFEC3C047CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*",
"matchCriteriaId": "E21A12E6-0802-4BDC-AF71-50D7D0433B87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7EE44A-7D8B-41A5-82A6-04AEE50278CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*",
"matchCriteriaId": "6862529A-1AE5-4E2D-A4B0-E351D1900C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*",
"matchCriteriaId": "4C6B6711-0F75-4FEA-8917-04391FC9D378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC0249C-3CFC-4CD3-9481-9F6BE1FC5E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE639D9-0B1E-4DFB-B275-D11665FDA4AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*",
"matchCriteriaId": "B35E9C41-0F2A-4790-B996-8EC00FA863F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*",
"matchCriteriaId": "28BAB268-3A70-4422-9C6C-49E6453D750D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*",
"matchCriteriaId": "9A5960F1-DDA9-4885-952F-450EC00B5C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*",
"matchCriteriaId": "E725D449-BBC2-40E3-BF53-D9BF7B4F57D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*",
"matchCriteriaId": "B10975CB-56EB-44D0-BDEF-60484B6BD85E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE56C0F-0AF4-45CF-ACA2-0E583BBB3187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*",
"matchCriteriaId": "16A4A1AC-ED08-4EFE-A826-1BB1B5CAB34E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*",
"matchCriteriaId": "BF9D7AD6-6BDB-4519-B9F8-3181E21850FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*",
"matchCriteriaId": "B061FF9A-0D00-429D-9B2F-14EEA41E7A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CB0260-2A96-41A8-81A0-8E9722B22D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*",
"matchCriteriaId": "AE037065-9E33-4A5A-8188-1F086D7BE394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*",
"matchCriteriaId": "70200031-5902-416D-A140-DC2CDFDAF683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*",
"matchCriteriaId": "575C5F15-2C16-4B39-A718-1641DDD88F84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*",
"matchCriteriaId": "9E7BFD7E-9B3F-4D63-BEBC-16F22DA6F8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*",
"matchCriteriaId": "42631437-772B-45E0-A1F3-5D9E2FC77D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*",
"matchCriteriaId": "CA9E62EF-E21F-421F-9A57-54A551CEC441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*",
"matchCriteriaId": "871E046E-013A-4E10-9457-4D1F407519EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E4B06F-AD55-4D61-B966-B38B854C0A75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*",
"matchCriteriaId": "19817731-42C2-4745-88F2-D27258FC7DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*",
"matchCriteriaId": "77479EEE-F81B-4653-8FAD-0AFBA3C71B09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*",
"matchCriteriaId": "0208619E-9179-46D9-8E47-6CB5B4046DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*",
"matchCriteriaId": "6FBAE2A2-B7CB-45F6-A84C-5B9B742A0B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC16904-03FC-42B2-89F0-CA0D59A5FB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*",
"matchCriteriaId": "4E3980D1-54F1-4C2F-B140-B2F18D8958A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*",
"matchCriteriaId": "0C845718-520A-42CB-9BA7-00723694A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB7BF51-DD1A-41E1-B5E5-02A6BADC30DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*",
"matchCriteriaId": "431DA557-0977-43C2-8DEF-127B1BAA9F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*",
"matchCriteriaId": "733C0A5D-3A0A-4449-9DE0-BD06D4942799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E5DAD5-465A-4A53-856A-1F674723EB00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.90:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FE37F4-C8E6-42CC-A799-563637F6B85A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.91:*:*:*:*:*:*:*",
"matchCriteriaId": "72F9DD05-E521-45D3-994E-0400DA0070BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression."
},
{
"lang": "es",
"value": "NTP en versiones anteriores a 4.2.8p7 y 4.3.x en versiones anteriores a 4.3.92 permite a los atacantes remotos provocar una denegaci\u00f3n de servicio (evitar la posterior autenticaci\u00f3n) aprovechando el conocimiento de la clave de control o requestkey y enviando un paquete creado a ntpd, que cambia el valor de trustedkey, Controlkey o requestkey. NOTA: esta vulnerabilidad existe debido a una regresi\u00f3n de la CVE-2016-2516."
}
],
"id": "CVE-2016-2517",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-30T21:59:01.033",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3010"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/88189"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"source": "cve@mitre.org",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/88189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-06 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| ntp | ntp | 4.2.8 | |
| apple | macos | - | |
| linux | linux_kernel | - | |
| redhat | enterprise_linux_desktop | 6.0 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_workstation | 6.0 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| oracle | linux | 7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C240BAAB-8C12-4501-9DC6-FB877304E908",
"versionEndExcluding": "4.2.8",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*",
"matchCriteriaId": "44B8FEDF-6CB0-46E9-9AD7-4445B001C158",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine\u0027s network interface with a packet from the ::1 address."
},
{
"lang": "es",
"value": "La funci\u00f3n read_network_packet en ntp_io.c en ntpd en NTP 4.x en versiones anteriores a 4.2.8p1 en Linux y OS X no determina correctamente si una direcci\u00f3n IP fuente es una direcci\u00f3n IPv6 loopback, lo que facilita a atacantes remotos suplantar paquetes restringidos y leer o escribir en el estado runtime, aprovechando la habilidad para alcanzar la interfaz de red de la m\u00e1quina ntpd con un paquete proveniente de la direcci\u00f3n ::1."
}
],
"id": "CVE-2014-9751",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-06T01:59:02.610",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2672"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/72584"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184572"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03886en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2672"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/72584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184572"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03886en_us"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-24 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | fedora | 21 | |
| fedoraproject | fedora | 22 | |
| fedoraproject | fedora | 23 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| ntp | ntp | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
"matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
"matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:p2:*:*:*:*:*:*",
"matchCriteriaId": "24559D63-8F7F-4FD0-892B-2473B978D913",
"versionEndIncluding": "4.2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet."
},
{
"lang": "es",
"value": "ntpd en ntp en versiones anteriores a la 4.2.8p3 con la configuraci\u00f3n remota habilitada permite que usuarios remotos autenticados que conozcan la contrase\u00f1a de configuraci\u00f3n y acceso a un ordenador asignado para realizar configuraciones remotas provoquen una denegaci\u00f3n de servicio (bloque de servicio) mediante un byte NULL en una directiva de paquete de configuraci\u00f3n manipulada."
}
],
"id": "CVE-2015-5146",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-24T20:29:00.313",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2853"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75589"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034168"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238136"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201509-01"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20180731-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2853"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75589"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238136"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201509-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20180731-0003/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-20 02:59
Modified
2025-04-12 10:46
Severity ?
Summary
util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E63507D-C475-4379-85A5-185F19BEDCEE",
"versionEndIncluding": "4.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack."
},
{
"lang": "es",
"value": "util/ntp-keygen.c en ntp-keygen en NTP anterior a 4.2.7p230 emplea una semilla RNG d\u00e9bil, esto hace que sea m\u00e1s f\u00e1cil romper los mecanismos de cifrado atacantes remotos mediante un ataque de fuerza bruta."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/338.html\"\u003eCWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)\u003c/a\u003e",
"id": "CVE-2014-9294",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-20T02:59:01.587",
"references": [
{
"source": "cve@mitre.org",
"url": "http://advisories.mageia.org/MGASA-2014-0541.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://bk1.ntp.org/ntp-dev/util/ntp-keygen.c?PAGE=diffs\u0026REV=4eae1b72298KRoBQmX-y8URCiRPH5g"
},
{
"source": "cve@mitre.org",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2666"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=142469153211996\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=142590659431171\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2014-2025.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0104.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/62209"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:003"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/71762"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176035"
},
{
"source": "cve@mitre.org",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
},
{
"source": "cve@mitre.org",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783"
},
{
"source": "cve@mitre.org",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10103"
},
{
"source": "cve@mitre.org",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd"
},
{
"source": "cve@mitre.org",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://advisories.mageia.org/MGASA-2014-0541.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://bk1.ntp.org/ntp-dev/util/ntp-keygen.c?PAGE=diffs\u0026REV=4eae1b72298KRoBQmX-y8URCiRPH5g"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=142469153211996\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=142590659431171\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-2025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0104.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62209"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/71762"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-07 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| ntp | ntp | * | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| netapp | oncommand_balance | - | |
| netapp | oncommand_performance_manager | - | |
| netapp | oncommand_unified_manager | - | |
| netapp | clustered_data_ontap | - | |
| netapp | data_ontap | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C240BAAB-8C12-4501-9DC6-FB877304E908",
"versionEndExcluding": "4.2.8",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79494F07-6081-497D-8A2D-B05486599EAE",
"versionEndExcluding": "4.3.77",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "212E1878-1B9A-4CB4-A1CE-EAD60B867161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*",
"matchCriteriaId": "95B173E0-1475-4F8D-A982-86F36BE3DD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FED6CAE-D97F-49E0-9D00-1642A3A427B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*",
"matchCriteriaId": "392A1364-2739-450D-9E19-DFF93081C2C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file."
},
{
"lang": "es",
"value": "ntpd en NTP 4.2.x en versiones anteriores a la 4.2.8p4, y 4.3.x en versiones anteriores a la 4.3.77 permite que usuarios remotos autenticados provoquen una denegaci\u00f3n de servicio (bucle infinito o ca\u00edda del sistema) apuntando al archivo de claves en el archivo de log."
}
],
"id": "CVE-2015-7850",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-07T20:29:00.823",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2917"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77279"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274258"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2917"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77279"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-30 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CED3C1F7-6FFA-44D1-BC56-2BB1963F3B9F",
"versionEndExcluding": "4.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A5D4FE7-07FC-4869-84F2-4FA767490A73",
"versionEndExcluding": "4.3.92",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
"matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*",
"matchCriteriaId": "75A9AA28-1B20-44BB-815C-7294A53E910E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
"matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
"matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*",
"matchCriteriaId": "F12E4CF5-536C-416B-AD8D-6AE7CBE22C71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*",
"matchCriteriaId": "6C2ACC32-5147-4EA5-95BE-B6B4EAB3D82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "212E1878-1B9A-4CB4-A1CE-EAD60B867161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager_for_clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "392D82A3-21BC-4CE1-A0AC-62A90468F0A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_user_data_repository:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D2C3F5-73E2-4988-9416-940C3C09F25F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_user_data_repository:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0473C6C9-B0C5-43F0-AC8C-C0DAD30DACF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_user_data_repository:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E94636C-58E3-4B5C-9B18-E5129F6B4A11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
"matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*",
"matchCriteriaId": "44B8FEDF-6CB0-46E9-9AD7-4445B001C158",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44B067C7-735E-43C9-9188-7E1522A02491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "21690BAC-2129-4A33-9B48-1F3BF30072A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6755B6AD-0422-467B-8115-34A60B1D1A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:-:*:*:*:*:*:*",
"matchCriteriaId": "A308448F-7FAD-4CAA-B204-94979A0055EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p1:*:*:*:*:*:*",
"matchCriteriaId": "9D942069-86FD-4777-B144-27F68845510F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p10:*:*:*:*:*:*",
"matchCriteriaId": "8BCB79FA-CF26-4DA9-BE6B-DB38F4BD76DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p12:*:*:*:*:*:*",
"matchCriteriaId": "6937683B-ADC8-452E-BCD7-34ED8656D75E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p13:*:*:*:*:*:*",
"matchCriteriaId": "0B50A898-C510-4582-8931-2820D2FFB646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p16:*:*:*:*:*:*",
"matchCriteriaId": "5016E4BB-D905-49BF-8B23-40DD9F9BC133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p19:*:*:*:*:*:*",
"matchCriteriaId": "C4009691-42D4-4E04-BA72-EAC9E30C30E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p2:*:*:*:*:*:*",
"matchCriteriaId": "AC531D8E-31B3-48B1-8B79-85B9FB67CF0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p20:*:*:*:*:*:*",
"matchCriteriaId": "4B161FA9-E1A8-407B-80A9-9F57DF4E6932",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p21:*:*:*:*:*:*",
"matchCriteriaId": "C608B9D9-28DD-4470-A5A2-96B030E8EA0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p22:*:*:*:*:*:*",
"matchCriteriaId": "50702FA4-624E-4C47-B672-8479ED7EB00C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p23:*:*:*:*:*:*",
"matchCriteriaId": "A05DE064-17DC-4BC3-BFA7-1FF31324BB5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p24:*:*:*:*:*:*",
"matchCriteriaId": "3785D821-D809-4948-92E0-CD6F93D06D56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p25:*:*:*:*:*:*",
"matchCriteriaId": "4F309C4D-DBE9-4FDC-9F71-670FE84E8859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p28:*:*:*:*:*:*",
"matchCriteriaId": "F6DF73AA-4270-46C1-BD19-EE0EAE39B6EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p3:*:*:*:*:*:*",
"matchCriteriaId": "B9D919A6-BBEC-416C-8FC0-5CA7B0191E82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p30:*:*:*:*:*:*",
"matchCriteriaId": "BC7FC9A7-46A4-4BEC-AD3D-4E986BBB4B1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p31:*:*:*:*:*:*",
"matchCriteriaId": "6C1380CA-757C-442D-A15E-7C1EEF309BC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p32:*:*:*:*:*:*",
"matchCriteriaId": "B4E26747-28E7-46C6-B9D2-949E7D2B9076",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p33:*:*:*:*:*:*",
"matchCriteriaId": "0D16FE35-E17F-4520-B2AA-916F586DE052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p34:*:*:*:*:*:*",
"matchCriteriaId": "02A6E6C3-1DBF-41C5-8377-A3058AF1A1A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p35:*:*:*:*:*:*",
"matchCriteriaId": "168BEEE1-3401-4831-B32A-19874B1C185E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p36:*:*:*:*:*:*",
"matchCriteriaId": "FE660FBA-AD88-485E-B77B-94513E9CC660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p38:*:*:*:*:*:*",
"matchCriteriaId": "04E25F11-56B2-4F49-913A-57FC58EBD87E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p39:*:*:*:*:*:*",
"matchCriteriaId": "B144DAC7-1B42-4DC2-AE46-6D3AD3296A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p5:*:*:*:*:*:*",
"matchCriteriaId": "22A2F317-2F1A-4D3F-8E31-B5ABFCEE2AAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p6:*:*:*:*:*:*",
"matchCriteriaId": "179468E8-0FB7-4E1A-9002-AFC8753027AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p7:*:*:*:*:*:*",
"matchCriteriaId": "CF8563F3-DD91-4272-B72D-08F66E2E44C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p8:*:*:*:*:*:*",
"matchCriteriaId": "642BCA8F-6432-43D2-9E74-565CC71A9DD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p9:*:*:*:*:*:*",
"matchCriteriaId": "09003BFB-72FB-4F89-B62C-4A2505E60630",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:-:*:*:*:*:*:*",
"matchCriteriaId": "794DB6C2-514F-4353-AC31-025D53FFC3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p1:*:*:*:*:*:*",
"matchCriteriaId": "55448583-DD8E-44FA-9033-CEB8E63FC2C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p10:*:*:*:*:*:*",
"matchCriteriaId": "A238C1FE-D4D3-4EEC-ACBE-341B112123EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p12:*:*:*:*:*:*",
"matchCriteriaId": "BABAD599-782F-4BFE-9EE2-0668ECAAC349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p15:*:*:*:*:*:*",
"matchCriteriaId": "C263C188-EA00-4110-B9A5-16C0CD0F1DE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p16:*:*:*:*:*:*",
"matchCriteriaId": "75F93217-BCD4-4AD4-9621-49C83BA3FFD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p17:*:*:*:*:*:*",
"matchCriteriaId": "1860A2E7-8E58-4082-9C71-E4F383244953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p18:*:*:*:*:*:*",
"matchCriteriaId": "B07FABAF-00CF-4284-AAC2-F3D6DA3D3841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p19:*:*:*:*:*:*",
"matchCriteriaId": "87440763-A4AF-44E9-AB26-155313A64269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p2:*:*:*:*:*:*",
"matchCriteriaId": "5F2A6E84-E37B-4E21-BBD9-FDB878D53D58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p22:*:*:*:*:*:*",
"matchCriteriaId": "2D5B97BE-4A7F-4482-8A7F-A7DB5314CEA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p24:*:*:*:*:*:*",
"matchCriteriaId": "256FDB00-0427-4B72-B9FA-1FE4AD56EC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p25:*:*:*:*:*:*",
"matchCriteriaId": "5EC0C4BA-089F-44B1-A49B-2CDDEC86997B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p26:*:*:*:*:*:*",
"matchCriteriaId": "F7713F76-A9C7-498B-BEEC-B022D13268A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p27:*:*:*:*:*:*",
"matchCriteriaId": "E51647B0-B346-4FCB-97BE-22D43D002B17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p28:*:*:*:*:*:*",
"matchCriteriaId": "AD84262A-7EBA-4E69-84C0-401D2FF33145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p29:*:*:*:*:*:*",
"matchCriteriaId": "40325D25-ECE7-486E-B654-EAEA69E3D97D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p3:*:*:*:*:*:*",
"matchCriteriaId": "D5F7A00A-5A6B-46FA-8527-14917C50555A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p30:*:*:*:*:*:*",
"matchCriteriaId": "CBD1A05A-5BBF-4C18-A5E0-E3A938D0D44C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p31:*:*:*:*:*:*",
"matchCriteriaId": "8A8EDDD7-9BE0-4C11-B3E2-6BC63984DA23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p4:*:*:*:*:*:*",
"matchCriteriaId": "466EA7B2-FBAF-4325-AD99-F5F4B0E5C0AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p5:*:*:*:*:*:*",
"matchCriteriaId": "EAD3F82B-E13C-40CE-BF65-4DA204FCDE93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p6:*:*:*:*:*:*",
"matchCriteriaId": "23E2935E-7159-45A2-9164-978453F24BDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p7:*:*:*:*:*:*",
"matchCriteriaId": "1B7F75CF-F808-4BD6-9A46-AA5C1989F740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p8:*:*:*:*:*:*",
"matchCriteriaId": "3EC40899-2775-45B9-96C1-8A9E7FAB7A64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p9:*:*:*:*:*:*",
"matchCriteriaId": "A22BC7A2-BA8D-4C1D-A51A-7DF7EDEDDCC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.2:-:*:*:*:*:*:*",
"matchCriteriaId": "C1C1DA92-2184-4FB0-8392-AF80E7D6EB2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "C59FCA1F-C2F9-4E11-A457-7979C94ECD3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.2:p10:*:*:*:*:*:*",
"matchCriteriaId": "13BA0876-9EFB-474E-83BB-9A53F38ADD4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.2:p11:*:*:*:*:*:*",
"matchCriteriaId": "B757D006-B0C5-4992-A1D7-2EB26C9A36D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.2:p12:*:*:*:*:*:*",
"matchCriteriaId": "D07D5215-F475-42BA-B9B0-395628646C41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.2:p13:*:*:*:*:*:*",
"matchCriteriaId": "F0EED80F-53F4-46AA-B76E-FBF158D16544",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.2:p14:*:*:*:*:*:*",
"matchCriteriaId": "375EAFDB-9E71-4EE8-9BDA-77FF831F2E06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.2:p2:*:*:*:*:*:*",
"matchCriteriaId": "041C28B8-8EA6-461D-B6CB-13E3B9FF8411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.2:p5:*:*:*:*:*:*",
"matchCriteriaId": "91362F1A-CB09-4505-A724-332C743D9624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.2:p7:*:*:*:*:*:*",
"matchCriteriaId": "D7F738CA-C3F4-4A30-9FF6-F0BD1DC1CC84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.2:p8:*:*:*:*:*:*",
"matchCriteriaId": "44685E95-3139-4A82-9A8B-EB5379DF0558",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.2:p9:*:*:*:*:*:*",
"matchCriteriaId": "8F92482C-F8B9-47A7-B5F1-ACBAC2A91646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.3:-:*:*:*:*:*:*",
"matchCriteriaId": "E30CCEF8-E86A-482F-A77B-175F106D354E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_net_cp_443-1_opc_ua_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22EFD09A-3D77-47B0-93FB-50F6C13A2F9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_net_cp_443-1_opc_ua:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F488810-73E3-4475-975A-C2FCA037E78B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value."
},
{
"lang": "es",
"value": "La funci\u00f3n MATCH_ASSOC en NTP en versiones anteriores 4.2.8p9 y 4.3.x en versiones anteriores a 4.3.92 permite a atacantes remotos provocar una referencia fuera de los l\u00edmites a trav\u00e9s de una solicitud addpeer con un valor hmode grande."
}
],
"id": "CVE-2016-2518",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-30T21:59:01.080",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3009"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_ntp_4_2_8p7_Security"
},
{
"source": "cve@mitre.org",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/88226"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"source": "cve@mitre.org",
"url": "https://support.f5.com/csp/article/K20804323"
},
{
"source": "cve@mitre.org",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2016/dsa-3629"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_ntp_4_2_8p7_Security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/88226"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K20804323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2016/dsa-3629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-30 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| ntp | ntp | 4.3.0 | |
| ntp | ntp | 4.3.1 | |
| ntp | ntp | 4.3.2 | |
| ntp | ntp | 4.3.3 | |
| ntp | ntp | 4.3.4 | |
| ntp | ntp | 4.3.5 | |
| ntp | ntp | 4.3.6 | |
| ntp | ntp | 4.3.7 | |
| ntp | ntp | 4.3.8 | |
| ntp | ntp | 4.3.10 | |
| ntp | ntp | 4.3.11 | |
| ntp | ntp | 4.3.12 | |
| ntp | ntp | 4.3.13 | |
| ntp | ntp | 4.3.14 | |
| ntp | ntp | 4.3.15 | |
| ntp | ntp | 4.3.16 | |
| ntp | ntp | 4.3.17 | |
| ntp | ntp | 4.3.18 | |
| ntp | ntp | 4.3.19 | |
| ntp | ntp | 4.3.20 | |
| ntp | ntp | 4.3.21 | |
| ntp | ntp | 4.3.22 | |
| ntp | ntp | 4.3.23 | |
| ntp | ntp | 4.3.24 | |
| ntp | ntp | 4.3.25 | |
| ntp | ntp | 4.3.26 | |
| ntp | ntp | 4.3.27 | |
| ntp | ntp | 4.3.28 | |
| ntp | ntp | 4.3.29 | |
| ntp | ntp | 4.3.30 | |
| ntp | ntp | 4.3.31 | |
| ntp | ntp | 4.3.32 | |
| ntp | ntp | 4.3.33 | |
| ntp | ntp | 4.3.34 | |
| ntp | ntp | 4.3.35 | |
| ntp | ntp | 4.3.36 | |
| ntp | ntp | 4.3.37 | |
| ntp | ntp | 4.3.38 | |
| ntp | ntp | 4.3.39 | |
| ntp | ntp | 4.3.40 | |
| ntp | ntp | 4.3.41 | |
| ntp | ntp | 4.3.42 | |
| ntp | ntp | 4.3.43 | |
| ntp | ntp | 4.3.44 | |
| ntp | ntp | 4.3.45 | |
| ntp | ntp | 4.3.46 | |
| ntp | ntp | 4.3.47 | |
| ntp | ntp | 4.3.48 | |
| ntp | ntp | 4.3.49 | |
| ntp | ntp | 4.3.50 | |
| ntp | ntp | 4.3.51 | |
| ntp | ntp | 4.3.52 | |
| ntp | ntp | 4.3.53 | |
| ntp | ntp | 4.3.54 | |
| ntp | ntp | 4.3.55 | |
| ntp | ntp | 4.3.56 | |
| ntp | ntp | 4.3.57 | |
| ntp | ntp | 4.3.58 | |
| ntp | ntp | 4.3.59 | |
| ntp | ntp | 4.3.60 | |
| ntp | ntp | 4.3.61 | |
| ntp | ntp | 4.3.62 | |
| ntp | ntp | 4.3.63 | |
| ntp | ntp | 4.3.64 | |
| ntp | ntp | 4.3.65 | |
| ntp | ntp | 4.3.66 | |
| ntp | ntp | 4.3.67 | |
| ntp | ntp | 4.3.68 | |
| ntp | ntp | 4.3.69 | |
| ntp | ntp | 4.3.70 | |
| ntp | ntp | 4.3.71 | |
| ntp | ntp | 4.3.72 | |
| ntp | ntp | 4.3.73 | |
| ntp | ntp | 4.3.74 | |
| ntp | ntp | 4.3.75 | |
| ntp | ntp | 4.3.76 | |
| ntp | ntp | 4.3.77 | |
| ntp | ntp | 4.3.78 | |
| ntp | ntp | 4.3.79 | |
| ntp | ntp | 4.3.80 | |
| ntp | ntp | 4.3.81 | |
| ntp | ntp | 4.3.82 | |
| ntp | ntp | 4.3.83 | |
| ntp | ntp | 4.3.84 | |
| ntp | ntp | 4.3.85 | |
| ntp | ntp | 4.3.86 | |
| ntp | ntp | 4.3.87 | |
| ntp | ntp | 4.3.88 | |
| ntp | ntp | 4.3.89 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:p5:*:*:*:*:*:*",
"matchCriteriaId": "99442254-E77A-43F7-8A9B-FC918AC336A6",
"versionEndIncluding": "4.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B23D9009-DF45-44C1-80DF-CEEC9B9E3F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43921601-667E-4415-83BE-E5B39D969BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75DD9C02-0C46-4785-8D77-C5465E4ED967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A497BADE-0516-494F-89FA-EAFC6AD17F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4298439A-EAF2-4CAA-990B-4AA37E7A0E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "30E9C822-C04A-4908-9596-76F9FB561206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "121ED6C5-8985-4DEF-9040-2AC63582E596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "68499DA4-64EF-412F-A434-8E0F78D77CE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "836C5AC9-463F-4703-81B9-7B5484F47A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FED14811-8F49-4796-BADD-DB7973EC32DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D4EB2830-ADE5-4C87-964E-16748BF88EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8C0284FD-2933-4160-80D2-53B32CD73287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D9AB963A-7284-433F-9890-5AE402E4E000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "EEDEFF7A-D964-4D9A-93BF-41E9D16EA793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9C434153-911C-4F07-ADD0-0EAB47F96E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8183B043-8B96-4A8B-A5C9-544D4F1CED8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE349AB-44CB-4263-80CE-59DFD572B363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB55DF6-567F-4B6A-81E1-9013914416D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "80727B0B-AB5E-46CC-9DDF-F319C2D9B242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "E0755962-2D5F-41E6-9BDB-C2ECBCCD2818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBAADB5-FA32-4CF9-A4B2-51EEA300B0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A202FDAD-D757-4850-9D1E-C31B0F3BA718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A345D7-DFC0-4E0D-AAAB-8206C35F63D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*",
"matchCriteriaId": "C4069EF5-DC7D-4487-8636-AC2EAB17BAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*",
"matchCriteriaId": "73DF3A5C-F1D9-468E-BD08-5E2578898DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*",
"matchCriteriaId": "0858AE44-4B0A-4941-B4A8-937B557D1448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*",
"matchCriteriaId": "979C84FF-CB21-4819-B3CA-1A55FDF20BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*",
"matchCriteriaId": "94709B39-C394-4B44-A362-9429F4CB9D50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2E4526AC-6BCC-43A5-B501-263D0ED0655B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*",
"matchCriteriaId": "E04FF6B4-CD1C-4AC1-B286-D6AB705D680B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAFA0C8-1349-43A4-BDAC-3B5A601B9FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA130B1-DD20-4E98-963F-61E85A09E29E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*",
"matchCriteriaId": "9AAC9B73-5020-47C9-803E-ABB6162AADE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A6B7B5-3AC9-4442-BD91-3783C2B4235C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*",
"matchCriteriaId": "D72F5C09-520B-486C-AD9A-9CBBFE6487CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*",
"matchCriteriaId": "097DED37-D3F3-45C4-B131-1C4294406722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*",
"matchCriteriaId": "85A4F607-0A9D-4F84-B50D-28C54E6EDC06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*",
"matchCriteriaId": "8C689CAF-632A-4FF2-8C86-541EEDD574E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*",
"matchCriteriaId": "7B0ACF5B-BBA9-4B6C-B19D-B8AEF7212781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*",
"matchCriteriaId": "E09C8254-73DC-4AFA-A250-A8192DC917F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*",
"matchCriteriaId": "D344FA12-3C5F-418B-9209-EA8BDD230074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*",
"matchCriteriaId": "D1C3A62A-C6F6-4B2E-A254-CDA12BD34DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*",
"matchCriteriaId": "073A0AFF-C5C6-422E-BD63-2353AA4B58E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*",
"matchCriteriaId": "59B5DA29-4139-405D-8AA8-23FAECBBC5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*",
"matchCriteriaId": "73F4D15D-6D2A-4730-B7CF-21284E92FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*",
"matchCriteriaId": "79A0C6AB-813F-4417-A98E-33FBB7AAB939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "815ABF0E-ED94-4426-8889-D3C2AECACC26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*",
"matchCriteriaId": "894612F1-8C51-4F66-AFE7-D8077F63E562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*",
"matchCriteriaId": "63FD3D1E-08F8-4C7F-876C-47E88386B83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*",
"matchCriteriaId": "9C068E27-A3DD-4FD2-81FB-2CFEC3C047CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*",
"matchCriteriaId": "E21A12E6-0802-4BDC-AF71-50D7D0433B87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7EE44A-7D8B-41A5-82A6-04AEE50278CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*",
"matchCriteriaId": "6862529A-1AE5-4E2D-A4B0-E351D1900C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*",
"matchCriteriaId": "4C6B6711-0F75-4FEA-8917-04391FC9D378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC0249C-3CFC-4CD3-9481-9F6BE1FC5E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE639D9-0B1E-4DFB-B275-D11665FDA4AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*",
"matchCriteriaId": "B35E9C41-0F2A-4790-B996-8EC00FA863F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*",
"matchCriteriaId": "28BAB268-3A70-4422-9C6C-49E6453D750D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*",
"matchCriteriaId": "9A5960F1-DDA9-4885-952F-450EC00B5C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*",
"matchCriteriaId": "E725D449-BBC2-40E3-BF53-D9BF7B4F57D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*",
"matchCriteriaId": "B10975CB-56EB-44D0-BDEF-60484B6BD85E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE56C0F-0AF4-45CF-ACA2-0E583BBB3187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*",
"matchCriteriaId": "16A4A1AC-ED08-4EFE-A826-1BB1B5CAB34E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*",
"matchCriteriaId": "BF9D7AD6-6BDB-4519-B9F8-3181E21850FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*",
"matchCriteriaId": "B061FF9A-0D00-429D-9B2F-14EEA41E7A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CB0260-2A96-41A8-81A0-8E9722B22D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*",
"matchCriteriaId": "AE037065-9E33-4A5A-8188-1F086D7BE394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*",
"matchCriteriaId": "70200031-5902-416D-A140-DC2CDFDAF683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*",
"matchCriteriaId": "575C5F15-2C16-4B39-A718-1641DDD88F84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*",
"matchCriteriaId": "9E7BFD7E-9B3F-4D63-BEBC-16F22DA6F8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*",
"matchCriteriaId": "42631437-772B-45E0-A1F3-5D9E2FC77D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*",
"matchCriteriaId": "CA9E62EF-E21F-421F-9A57-54A551CEC441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*",
"matchCriteriaId": "871E046E-013A-4E10-9457-4D1F407519EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E4B06F-AD55-4D61-B966-B38B854C0A75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*",
"matchCriteriaId": "19817731-42C2-4745-88F2-D27258FC7DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*",
"matchCriteriaId": "77479EEE-F81B-4653-8FAD-0AFBA3C71B09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*",
"matchCriteriaId": "0208619E-9179-46D9-8E47-6CB5B4046DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*",
"matchCriteriaId": "6FBAE2A2-B7CB-45F6-A84C-5B9B742A0B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC16904-03FC-42B2-89F0-CA0D59A5FB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*",
"matchCriteriaId": "4E3980D1-54F1-4C2F-B140-B2F18D8958A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*",
"matchCriteriaId": "0C845718-520A-42CB-9BA7-00723694A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB7BF51-DD1A-41E1-B5E5-02A6BADC30DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*",
"matchCriteriaId": "431DA557-0977-43C2-8DEF-127B1BAA9F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*",
"matchCriteriaId": "733C0A5D-3A0A-4449-9DE0-BD06D4942799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E5DAD5-465A-4A53-856A-1F674723EB00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list."
},
{
"lang": "es",
"value": "NTP en versiones anteriores a 4.2.8p6 y 4.3.0 en versiones anteriores a 4.3.90 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de la pila) a trav\u00e9s de un comando ntpdc relist, lo que desencadena el recorrido recursivo de la lista de restricciones."
}
],
"id": "CVE-2015-7978",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-30T21:59:00.520",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/81962"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"source": "cve@mitre.org",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/81962"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-13 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:p8:*:*:*:*:*:*",
"matchCriteriaId": "72A23255-B135-4A4C-A2BA-A93026C0F520",
"versionEndIncluding": "4.2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet."
},
{
"lang": "es",
"value": "ntpd en NTP en versiones anteriores a 4.2.8p9, cuando se ejecuta en Windows, permite a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de un paquete UDP grande."
}
],
"id": "CVE-2016-9312",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-13T16:59:00.933",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3110"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94450"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1037354"
},
{
"source": "cve@mitre.org",
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94450"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-13 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:p8:*:*:*:*:*:*",
"matchCriteriaId": "72A23255-B135-4A4C-A2BA-A93026C0F520",
"versionEndIncluding": "4.2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet."
},
{
"lang": "es",
"value": "La funcionalidad de modo de control (mode 6) en ntpd en NTP en versiones anteriores a 4.2.8p9 permite a atacantes remotos establecer o desactivar trampas a trav\u00e9s de un paquete de modo de control manipulado."
}
],
"id": "CVE-2016-9310",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-13T16:59:00.857",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3118"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/94452"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1037354"
},
{
"source": "cve@mitre.org",
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"source": "cve@mitre.org",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"source": "cve@mitre.org",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"source": "cve@mitre.org",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/94452"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-06 20:29
Modified
2025-01-14 19:29
Severity ?
Summary
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB9B114E-15BF-4731-9296-A8F82591B418",
"versionEndExcluding": "4.2.8",
"versionStartIncluding": "4.2.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*",
"matchCriteriaId": "0BC62D4E-D519-458C-BE4E-10DDB73A97D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
"matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*",
"matchCriteriaId": "75A9AA28-1B20-44BB-815C-7294A53E910E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
"matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
"matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*",
"matchCriteriaId": "F12E4CF5-536C-416B-AD8D-6AE7CBE22C71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*",
"matchCriteriaId": "EE002C76-406D-4F22-B738-E17BDEA70BCC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synology:router_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7B0AEDA-4FC3-4AD8-ADE3-356A4498AF95",
"versionEndExcluding": "1.1.6-6931-3",
"versionStartIncluding": "1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synology:skynas:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C114627A-7D1E-4B0C-B004-9CFAC78F2F0F",
"versionEndExcluding": "6.1.5-15254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synology:virtual_diskstation_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E65C1F9D-C457-49E8-A46B-9B15D5FCE5C7",
"versionEndExcluding": "6.1.6-15266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B270650E-B819-4CE6-B129-BF90CE8B2A03",
"versionEndExcluding": "6.1.6-15266",
"versionStartIncluding": "5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:synology:vs960hd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A606357-7469-43AD-8B5A-152C43D017DF",
"versionEndExcluding": "2.2.3-1505",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CCBDFF9-AF42-4681-879B-CF789EBAD130",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6E548F-62E9-40CB-85DA-FDAA0F0096C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hpe:hpux-ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A1FDA7-BE46-4FAB-A3FD-9A40C770C4AB",
"versionEndExcluding": "c.4.2.8.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:fujitsu_m10-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C32584F2-910F-40D2-B6EE-EA4D23E10093",
"versionEndExcluding": "xcp2361",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:oracle:fujitsu_m10-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F63BFBA-A4D8-43D1-A13E-DEED6AEF596B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:fujitsu_m10-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D512DA28-0734-43F5-A2F8-0828AE02AC9A",
"versionEndExcluding": "xcp2361",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:oracle:fujitsu_m10-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4BB5347-D09D-4FC5-9F1C-7F3E036C18AD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:fujitsu_m10-4s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5262B15-F2CC-4E49-A5C3-DA8AC77EE93F",
"versionEndExcluding": "xcp2361",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:oracle:fujitsu_m10-4s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "529D4274-F33B-47C7-A3FB-6F86096FD955",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:fujitsu_m12-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA7AD36E-DC2F-400B-A3CC-8E3410C65316",
"versionEndExcluding": "xcp2361",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:oracle:fujitsu_m12-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A534E662-66B7-448B-A763-6B043112C877",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:fujitsu_m12-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3179F5BF-7A7E-4C2C-A8A0-D8918C8FF809",
"versionEndExcluding": "xcp2361",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:oracle:fujitsu_m12-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95541D18-5C33-49E9-924D-0B21162EC2C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:fujitsu_m12-2s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AA98A6E-9490-4824-9ED3-3D72F63E8D43",
"versionEndExcluding": "xcp2361",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:oracle:fujitsu_m12-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22FD4F61-0A4F-4C74-A852-B1CD3639E1D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:fujitsu_m10-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB5D9B37-5071-407B-A717-B686786226B4",
"versionEndExcluding": "xcp3070",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:oracle:fujitsu_m10-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F63BFBA-A4D8-43D1-A13E-DEED6AEF596B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:fujitsu_m10-4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "562A7D6E-B216-4182-A5FB-4AFE811CE601",
"versionEndExcluding": "xcp3070",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:oracle:fujitsu_m10-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4BB5347-D09D-4FC5-9F1C-7F3E036C18AD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:fujitsu_m10-4s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FE144E5-A9AA-4688-880A-5001AB418010",
"versionEndExcluding": "xcp3070",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:oracle:fujitsu_m10-4s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "529D4274-F33B-47C7-A3FB-6F86096FD955",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:fujitsu_m12-1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A56DEDA3-5B9D-4FF3-B681-7F052AE9891D",
"versionEndExcluding": "xcp3070",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:oracle:fujitsu_m12-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A534E662-66B7-448B-A763-6B043112C877",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:fujitsu_m12-2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B775A394-D1BB-4558-8DFC-8B99195EEF6D",
"versionEndExcluding": "xcp3070",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:oracle:fujitsu_m12-2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95541D18-5C33-49E9-924D-0B21162EC2C4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:fujitsu_m12-2s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10A49B2E-A679-4D8F-A027-570A7DE83134",
"versionEndExcluding": "xcp3070",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:oracle:fujitsu_m12-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22FD4F61-0A4F-4C74-A852-B1CD3639E1D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the \"other side\" of an interleaved association causing the victim ntpd to reset its association."
},
{
"lang": "es",
"value": "El motor de protocolo en ntp, en versiones 4.2.6 anteriores a la 4.2.8p11, permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (interrupci\u00f3n) mediante el env\u00edo continuado de un paquete con una marca de tiempo zero-origin y la direcci\u00f3n IP de origen \"del otro lado\" de una asociaci\u00f3n intercalada que provoca que el ntpd de la v\u00edctima restablezca su asociaci\u00f3n."
}
],
"id": "CVE-2018-7185",
"lastModified": "2025-01-14T19:29:55.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-06T20:29:01.500",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3454"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103339"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201805-12"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3707-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201805-12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3707-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-21 14:29
Modified
2025-04-20 01:37
Severity ?
Summary
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
"matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D5900A25-FDD7-4900-BF7C-F3ECCB714D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "58D3B6FD-B474-4B09-B644-A8634A629280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*",
"matchCriteriaId": "F892F1B0-514C-42F7-90AE-12ACDFDC1033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*",
"matchCriteriaId": "F1EB0F28-F23A-4969-8A3E-66DA2EFA40C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*",
"matchCriteriaId": "35BBD83D-BDC7-4678-BE94-639F59281139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
"matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
"matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
"matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*",
"matchCriteriaId": "DB2A1559-651C-46B0-B436-8E03DC8A60D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*",
"matchCriteriaId": "5A633996-2FD7-467C-BAA6-529E16BD06D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:manager:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2A33B9F5-E0D1-4A3E-9FFB-5602A25F3227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:manager_proxy:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53F0F5A0-70D9-4305-A834-B6FF71E27B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:openstack_cloud:5:*:*:*:*:*:*:*",
"matchCriteriaId": "88BCD7DC-0FEF-477D-8698-F8D8F1A49D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*",
"matchCriteriaId": "9C649194-B8C2-49F7-A819-C635EE584ABF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7071F0C7-E43E-4F2E-9FEB-E8FB3DEA4749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z:*:*:*:*:*:*:*",
"matchCriteriaId": "AA856400-1B48-429A-94A0-173B7EEE1EC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8CD4EF-DC90-40BB-A721-6EC087507906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:p4:*:*:*:*:*:*",
"matchCriteriaId": "05D076CA-85DD-48B4-9A8A-F413FFBFB55F",
"versionEndIncluding": "4.2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart)."
},
{
"lang": "es",
"value": "La comprobaci\u00f3n panic_gate en NTP anterior a versi\u00f3n 4.2.8p5 es solo habilitada nuevamente despu\u00e9s del primer cambio al reloj del sistema que fue mayor que 128 milisegundos por defecto, permitiendo a los atacantes remotos fijar el NTP a un tiempo arbitrario cuando arranca con la opci\u00f3n -g, o alterar el tiempo hasta 900 segundos, de lo contrario por respuesta a un n\u00famero no especificado de peticiones de fuentes de confianza y aprovechando una denegaci\u00f3n de servicio resultante (anular y reiniciar)."
}
],
"id": "CVE-2015-5300",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-21T14:29:00.927",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1930.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2016/Feb/164"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2956"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77312"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034670"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2783-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271076"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01"
},
{
"source": "secalert@redhat.com",
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.citrix.com/article/CTX220112"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21979393"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21980676"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983501"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983506"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1930.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2016/Feb/164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2956"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77312"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2783-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.citrix.com/article/CTX220112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21979393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21980676"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983506"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-361"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-27 17:59
Modified
2025-04-20 01:37
Severity ?
Summary
The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.3.0 | |
| ntp | ntp | 4.3.1 | |
| ntp | ntp | 4.3.2 | |
| ntp | ntp | 4.3.3 | |
| ntp | ntp | 4.3.4 | |
| ntp | ntp | 4.3.5 | |
| ntp | ntp | 4.3.6 | |
| ntp | ntp | 4.3.7 | |
| ntp | ntp | 4.3.8 | |
| ntp | ntp | 4.3.9 | |
| ntp | ntp | 4.3.10 | |
| ntp | ntp | 4.3.11 | |
| ntp | ntp | 4.3.12 | |
| ntp | ntp | 4.3.13 | |
| ntp | ntp | 4.3.14 | |
| ntp | ntp | 4.3.15 | |
| ntp | ntp | 4.3.16 | |
| ntp | ntp | 4.3.17 | |
| ntp | ntp | 4.3.18 | |
| ntp | ntp | 4.3.19 | |
| ntp | ntp | 4.3.20 | |
| ntp | ntp | 4.3.21 | |
| ntp | ntp | 4.3.22 | |
| ntp | ntp | 4.3.23 | |
| ntp | ntp | 4.3.24 | |
| ntp | ntp | 4.3.25 | |
| ntp | ntp | 4.3.26 | |
| ntp | ntp | 4.3.27 | |
| ntp | ntp | 4.3.28 | |
| ntp | ntp | 4.3.29 | |
| ntp | ntp | 4.3.30 | |
| ntp | ntp | 4.3.31 | |
| ntp | ntp | 4.3.32 | |
| ntp | ntp | 4.3.33 | |
| ntp | ntp | 4.3.34 | |
| ntp | ntp | 4.3.35 | |
| ntp | ntp | 4.3.36 | |
| ntp | ntp | 4.3.37 | |
| ntp | ntp | 4.3.38 | |
| ntp | ntp | 4.3.39 | |
| ntp | ntp | 4.3.40 | |
| ntp | ntp | 4.3.41 | |
| ntp | ntp | 4.3.42 | |
| ntp | ntp | 4.3.43 | |
| ntp | ntp | 4.3.44 | |
| ntp | ntp | 4.3.45 | |
| ntp | ntp | 4.3.46 | |
| ntp | ntp | 4.3.47 | |
| ntp | ntp | 4.3.48 | |
| ntp | ntp | 4.3.49 | |
| ntp | ntp | 4.3.50 | |
| ntp | ntp | 4.3.51 | |
| ntp | ntp | 4.3.52 | |
| ntp | ntp | 4.3.53 | |
| ntp | ntp | 4.3.54 | |
| ntp | ntp | 4.3.55 | |
| ntp | ntp | 4.3.56 | |
| ntp | ntp | 4.3.57 | |
| ntp | ntp | 4.3.58 | |
| ntp | ntp | 4.3.59 | |
| ntp | ntp | 4.3.60 | |
| ntp | ntp | 4.3.61 | |
| ntp | ntp | 4.3.62 | |
| ntp | ntp | 4.3.63 | |
| ntp | ntp | 4.3.64 | |
| ntp | ntp | 4.3.65 | |
| ntp | ntp | 4.3.66 | |
| ntp | ntp | 4.3.67 | |
| ntp | ntp | 4.3.68 | |
| ntp | ntp | 4.3.69 | |
| ntp | ntp | 4.3.70 | |
| ntp | ntp | 4.3.71 | |
| ntp | ntp | 4.3.72 | |
| ntp | ntp | 4.3.73 | |
| ntp | ntp | 4.3.74 | |
| ntp | ntp | 4.3.75 | |
| ntp | ntp | 4.3.76 | |
| ntp | ntp | 4.3.77 | |
| ntp | ntp | 4.3.78 | |
| ntp | ntp | 4.3.79 | |
| ntp | ntp | 4.3.80 | |
| ntp | ntp | 4.3.81 | |
| ntp | ntp | 4.3.82 | |
| ntp | ntp | 4.3.83 | |
| ntp | ntp | 4.3.84 | |
| ntp | ntp | 4.3.85 | |
| ntp | ntp | 4.3.86 | |
| ntp | ntp | 4.3.87 | |
| ntp | ntp | 4.3.88 | |
| ntp | ntp | 4.3.89 | |
| ntp | ntp | 4.3.90 | |
| ntp | ntp | 4.3.91 | |
| ntp | ntp | 4.3.92 | |
| ntp | ntp | 4.3.93 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*",
"matchCriteriaId": "EE002C76-406D-4F22-B738-E17BDEA70BCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B23D9009-DF45-44C1-80DF-CEEC9B9E3F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43921601-667E-4415-83BE-E5B39D969BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75DD9C02-0C46-4785-8D77-C5465E4ED967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A497BADE-0516-494F-89FA-EAFC6AD17F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4298439A-EAF2-4CAA-990B-4AA37E7A0E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "30E9C822-C04A-4908-9596-76F9FB561206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "842963D1-C78C-48B5-A8D2-BC018854E5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "121ED6C5-8985-4DEF-9040-2AC63582E596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "68499DA4-64EF-412F-A434-8E0F78D77CE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "836C5AC9-463F-4703-81B9-7B5484F47A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FED14811-8F49-4796-BADD-DB7973EC32DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D4EB2830-ADE5-4C87-964E-16748BF88EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8C0284FD-2933-4160-80D2-53B32CD73287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D9AB963A-7284-433F-9890-5AE402E4E000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "EEDEFF7A-D964-4D9A-93BF-41E9D16EA793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9C434153-911C-4F07-ADD0-0EAB47F96E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8183B043-8B96-4A8B-A5C9-544D4F1CED8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE349AB-44CB-4263-80CE-59DFD572B363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB55DF6-567F-4B6A-81E1-9013914416D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "80727B0B-AB5E-46CC-9DDF-F319C2D9B242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "E0755962-2D5F-41E6-9BDB-C2ECBCCD2818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBAADB5-FA32-4CF9-A4B2-51EEA300B0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A202FDAD-D757-4850-9D1E-C31B0F3BA718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A345D7-DFC0-4E0D-AAAB-8206C35F63D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*",
"matchCriteriaId": "C4069EF5-DC7D-4487-8636-AC2EAB17BAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*",
"matchCriteriaId": "73DF3A5C-F1D9-468E-BD08-5E2578898DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*",
"matchCriteriaId": "0858AE44-4B0A-4941-B4A8-937B557D1448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*",
"matchCriteriaId": "979C84FF-CB21-4819-B3CA-1A55FDF20BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*",
"matchCriteriaId": "94709B39-C394-4B44-A362-9429F4CB9D50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2E4526AC-6BCC-43A5-B501-263D0ED0655B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*",
"matchCriteriaId": "E04FF6B4-CD1C-4AC1-B286-D6AB705D680B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAFA0C8-1349-43A4-BDAC-3B5A601B9FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA130B1-DD20-4E98-963F-61E85A09E29E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*",
"matchCriteriaId": "9AAC9B73-5020-47C9-803E-ABB6162AADE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A6B7B5-3AC9-4442-BD91-3783C2B4235C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*",
"matchCriteriaId": "D72F5C09-520B-486C-AD9A-9CBBFE6487CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*",
"matchCriteriaId": "097DED37-D3F3-45C4-B131-1C4294406722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*",
"matchCriteriaId": "85A4F607-0A9D-4F84-B50D-28C54E6EDC06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*",
"matchCriteriaId": "8C689CAF-632A-4FF2-8C86-541EEDD574E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*",
"matchCriteriaId": "7B0ACF5B-BBA9-4B6C-B19D-B8AEF7212781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*",
"matchCriteriaId": "E09C8254-73DC-4AFA-A250-A8192DC917F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*",
"matchCriteriaId": "D344FA12-3C5F-418B-9209-EA8BDD230074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*",
"matchCriteriaId": "D1C3A62A-C6F6-4B2E-A254-CDA12BD34DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*",
"matchCriteriaId": "073A0AFF-C5C6-422E-BD63-2353AA4B58E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*",
"matchCriteriaId": "59B5DA29-4139-405D-8AA8-23FAECBBC5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*",
"matchCriteriaId": "73F4D15D-6D2A-4730-B7CF-21284E92FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*",
"matchCriteriaId": "79A0C6AB-813F-4417-A98E-33FBB7AAB939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "815ABF0E-ED94-4426-8889-D3C2AECACC26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*",
"matchCriteriaId": "894612F1-8C51-4F66-AFE7-D8077F63E562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*",
"matchCriteriaId": "63FD3D1E-08F8-4C7F-876C-47E88386B83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*",
"matchCriteriaId": "9C068E27-A3DD-4FD2-81FB-2CFEC3C047CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*",
"matchCriteriaId": "E21A12E6-0802-4BDC-AF71-50D7D0433B87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7EE44A-7D8B-41A5-82A6-04AEE50278CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*",
"matchCriteriaId": "6862529A-1AE5-4E2D-A4B0-E351D1900C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*",
"matchCriteriaId": "4C6B6711-0F75-4FEA-8917-04391FC9D378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC0249C-3CFC-4CD3-9481-9F6BE1FC5E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE639D9-0B1E-4DFB-B275-D11665FDA4AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*",
"matchCriteriaId": "B35E9C41-0F2A-4790-B996-8EC00FA863F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*",
"matchCriteriaId": "28BAB268-3A70-4422-9C6C-49E6453D750D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*",
"matchCriteriaId": "9A5960F1-DDA9-4885-952F-450EC00B5C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*",
"matchCriteriaId": "E725D449-BBC2-40E3-BF53-D9BF7B4F57D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*",
"matchCriteriaId": "B10975CB-56EB-44D0-BDEF-60484B6BD85E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE56C0F-0AF4-45CF-ACA2-0E583BBB3187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*",
"matchCriteriaId": "16A4A1AC-ED08-4EFE-A826-1BB1B5CAB34E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*",
"matchCriteriaId": "BF9D7AD6-6BDB-4519-B9F8-3181E21850FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*",
"matchCriteriaId": "B061FF9A-0D00-429D-9B2F-14EEA41E7A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CB0260-2A96-41A8-81A0-8E9722B22D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*",
"matchCriteriaId": "AE037065-9E33-4A5A-8188-1F086D7BE394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*",
"matchCriteriaId": "70200031-5902-416D-A140-DC2CDFDAF683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*",
"matchCriteriaId": "575C5F15-2C16-4B39-A718-1641DDD88F84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*",
"matchCriteriaId": "9E7BFD7E-9B3F-4D63-BEBC-16F22DA6F8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*",
"matchCriteriaId": "42631437-772B-45E0-A1F3-5D9E2FC77D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*",
"matchCriteriaId": "CA9E62EF-E21F-421F-9A57-54A551CEC441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*",
"matchCriteriaId": "871E046E-013A-4E10-9457-4D1F407519EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E4B06F-AD55-4D61-B966-B38B854C0A75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*",
"matchCriteriaId": "19817731-42C2-4745-88F2-D27258FC7DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*",
"matchCriteriaId": "77479EEE-F81B-4653-8FAD-0AFBA3C71B09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*",
"matchCriteriaId": "0208619E-9179-46D9-8E47-6CB5B4046DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*",
"matchCriteriaId": "6FBAE2A2-B7CB-45F6-A84C-5B9B742A0B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC16904-03FC-42B2-89F0-CA0D59A5FB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*",
"matchCriteriaId": "4E3980D1-54F1-4C2F-B140-B2F18D8958A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*",
"matchCriteriaId": "0C845718-520A-42CB-9BA7-00723694A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB7BF51-DD1A-41E1-B5E5-02A6BADC30DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*",
"matchCriteriaId": "431DA557-0977-43C2-8DEF-127B1BAA9F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*",
"matchCriteriaId": "733C0A5D-3A0A-4449-9DE0-BD06D4942799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E5DAD5-465A-4A53-856A-1F674723EB00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.90:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FE37F4-C8E6-42CC-A799-563637F6B85A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.91:*:*:*:*:*:*:*",
"matchCriteriaId": "72F9DD05-E521-45D3-994E-0400DA0070BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.92:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DA733E-A2BB-4F72-BE9A-AF1ADD1881A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.93:*:*:*:*:*:*:*",
"matchCriteriaId": "816E4E2B-7E33-49A0-85E1-EF1755F6BB45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write."
},
{
"lang": "es",
"value": "La funci\u00f3n mx4200_send en el refclock legado de MX4200 en NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 no maneja correctamente el valor de retorno de la funci\u00f3n snprintf, lo que permite a usuarios locales ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados, lo que desencadena una escritura de memoria fuera de l\u00edmites."
}
],
"id": "CVE-2017-6451",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-27T17:59:00.523",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3378"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97058"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1039427"
},
{
"source": "cve@mitre.org",
"url": "https://support.apple.com/HT208144"
},
{
"source": "cve@mitre.org",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3378"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1039427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT208144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-30 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| ntp | ntp | 4.3.0 | |
| ntp | ntp | 4.3.1 | |
| ntp | ntp | 4.3.2 | |
| ntp | ntp | 4.3.3 | |
| ntp | ntp | 4.3.4 | |
| ntp | ntp | 4.3.5 | |
| ntp | ntp | 4.3.6 | |
| ntp | ntp | 4.3.7 | |
| ntp | ntp | 4.3.8 | |
| ntp | ntp | 4.3.9 | |
| ntp | ntp | 4.3.10 | |
| ntp | ntp | 4.3.11 | |
| ntp | ntp | 4.3.12 | |
| ntp | ntp | 4.3.13 | |
| ntp | ntp | 4.3.14 | |
| ntp | ntp | 4.3.15 | |
| ntp | ntp | 4.3.16 | |
| ntp | ntp | 4.3.17 | |
| ntp | ntp | 4.3.18 | |
| ntp | ntp | 4.3.19 | |
| ntp | ntp | 4.3.20 | |
| ntp | ntp | 4.3.21 | |
| ntp | ntp | 4.3.22 | |
| ntp | ntp | 4.3.23 | |
| ntp | ntp | 4.3.24 | |
| ntp | ntp | 4.3.25 | |
| ntp | ntp | 4.3.26 | |
| ntp | ntp | 4.3.27 | |
| ntp | ntp | 4.3.28 | |
| ntp | ntp | 4.3.29 | |
| ntp | ntp | 4.3.30 | |
| ntp | ntp | 4.3.31 | |
| ntp | ntp | 4.3.32 | |
| ntp | ntp | 4.3.33 | |
| ntp | ntp | 4.3.34 | |
| ntp | ntp | 4.3.35 | |
| ntp | ntp | 4.3.36 | |
| ntp | ntp | 4.3.37 | |
| ntp | ntp | 4.3.38 | |
| ntp | ntp | 4.3.39 | |
| ntp | ntp | 4.3.40 | |
| ntp | ntp | 4.3.41 | |
| ntp | ntp | 4.3.42 | |
| ntp | ntp | 4.3.43 | |
| ntp | ntp | 4.3.44 | |
| ntp | ntp | 4.3.45 | |
| ntp | ntp | 4.3.46 | |
| ntp | ntp | 4.3.47 | |
| ntp | ntp | 4.3.48 | |
| ntp | ntp | 4.3.49 | |
| ntp | ntp | 4.3.50 | |
| ntp | ntp | 4.3.51 | |
| ntp | ntp | 4.3.52 | |
| ntp | ntp | 4.3.53 | |
| ntp | ntp | 4.3.54 | |
| ntp | ntp | 4.3.55 | |
| ntp | ntp | 4.3.56 | |
| ntp | ntp | 4.3.57 | |
| ntp | ntp | 4.3.58 | |
| ntp | ntp | 4.3.59 | |
| ntp | ntp | 4.3.60 | |
| ntp | ntp | 4.3.61 | |
| ntp | ntp | 4.3.62 | |
| ntp | ntp | 4.3.63 | |
| ntp | ntp | 4.3.64 | |
| ntp | ntp | 4.3.65 | |
| ntp | ntp | 4.3.66 | |
| ntp | ntp | 4.3.67 | |
| ntp | ntp | 4.3.68 | |
| ntp | ntp | 4.3.69 | |
| ntp | ntp | 4.3.70 | |
| ntp | ntp | 4.3.71 | |
| ntp | ntp | 4.3.72 | |
| ntp | ntp | 4.3.73 | |
| ntp | ntp | 4.3.74 | |
| ntp | ntp | 4.3.75 | |
| ntp | ntp | 4.3.76 | |
| ntp | ntp | 4.3.77 | |
| ntp | ntp | 4.3.78 | |
| ntp | ntp | 4.3.79 | |
| ntp | ntp | 4.3.80 | |
| ntp | ntp | 4.3.81 | |
| ntp | ntp | 4.3.82 | |
| ntp | ntp | 4.3.83 | |
| ntp | ntp | 4.3.84 | |
| ntp | ntp | 4.3.85 | |
| ntp | ntp | 4.3.86 | |
| ntp | ntp | 4.3.87 | |
| ntp | ntp | 4.3.88 | |
| ntp | ntp | 4.3.89 | |
| ntp | ntp | 4.3.90 | |
| ntp | ntp | 4.3.91 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:p6:*:*:*:*:*:*",
"matchCriteriaId": "E2CF4922-E481-4C5B-9A34-F439D9C727FE",
"versionEndIncluding": "4.2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B23D9009-DF45-44C1-80DF-CEEC9B9E3F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43921601-667E-4415-83BE-E5B39D969BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75DD9C02-0C46-4785-8D77-C5465E4ED967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A497BADE-0516-494F-89FA-EAFC6AD17F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4298439A-EAF2-4CAA-990B-4AA37E7A0E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "30E9C822-C04A-4908-9596-76F9FB561206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "842963D1-C78C-48B5-A8D2-BC018854E5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "121ED6C5-8985-4DEF-9040-2AC63582E596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "68499DA4-64EF-412F-A434-8E0F78D77CE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "836C5AC9-463F-4703-81B9-7B5484F47A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FED14811-8F49-4796-BADD-DB7973EC32DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D4EB2830-ADE5-4C87-964E-16748BF88EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8C0284FD-2933-4160-80D2-53B32CD73287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D9AB963A-7284-433F-9890-5AE402E4E000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "EEDEFF7A-D964-4D9A-93BF-41E9D16EA793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9C434153-911C-4F07-ADD0-0EAB47F96E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8183B043-8B96-4A8B-A5C9-544D4F1CED8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE349AB-44CB-4263-80CE-59DFD572B363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB55DF6-567F-4B6A-81E1-9013914416D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "80727B0B-AB5E-46CC-9DDF-F319C2D9B242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "E0755962-2D5F-41E6-9BDB-C2ECBCCD2818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBAADB5-FA32-4CF9-A4B2-51EEA300B0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A202FDAD-D757-4850-9D1E-C31B0F3BA718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A345D7-DFC0-4E0D-AAAB-8206C35F63D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*",
"matchCriteriaId": "C4069EF5-DC7D-4487-8636-AC2EAB17BAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*",
"matchCriteriaId": "73DF3A5C-F1D9-468E-BD08-5E2578898DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*",
"matchCriteriaId": "0858AE44-4B0A-4941-B4A8-937B557D1448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*",
"matchCriteriaId": "979C84FF-CB21-4819-B3CA-1A55FDF20BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*",
"matchCriteriaId": "94709B39-C394-4B44-A362-9429F4CB9D50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2E4526AC-6BCC-43A5-B501-263D0ED0655B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*",
"matchCriteriaId": "E04FF6B4-CD1C-4AC1-B286-D6AB705D680B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAFA0C8-1349-43A4-BDAC-3B5A601B9FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA130B1-DD20-4E98-963F-61E85A09E29E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*",
"matchCriteriaId": "9AAC9B73-5020-47C9-803E-ABB6162AADE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A6B7B5-3AC9-4442-BD91-3783C2B4235C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*",
"matchCriteriaId": "D72F5C09-520B-486C-AD9A-9CBBFE6487CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*",
"matchCriteriaId": "097DED37-D3F3-45C4-B131-1C4294406722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*",
"matchCriteriaId": "85A4F607-0A9D-4F84-B50D-28C54E6EDC06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*",
"matchCriteriaId": "8C689CAF-632A-4FF2-8C86-541EEDD574E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*",
"matchCriteriaId": "7B0ACF5B-BBA9-4B6C-B19D-B8AEF7212781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*",
"matchCriteriaId": "E09C8254-73DC-4AFA-A250-A8192DC917F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*",
"matchCriteriaId": "D344FA12-3C5F-418B-9209-EA8BDD230074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*",
"matchCriteriaId": "D1C3A62A-C6F6-4B2E-A254-CDA12BD34DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*",
"matchCriteriaId": "073A0AFF-C5C6-422E-BD63-2353AA4B58E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*",
"matchCriteriaId": "59B5DA29-4139-405D-8AA8-23FAECBBC5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*",
"matchCriteriaId": "73F4D15D-6D2A-4730-B7CF-21284E92FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*",
"matchCriteriaId": "79A0C6AB-813F-4417-A98E-33FBB7AAB939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "815ABF0E-ED94-4426-8889-D3C2AECACC26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*",
"matchCriteriaId": "894612F1-8C51-4F66-AFE7-D8077F63E562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*",
"matchCriteriaId": "63FD3D1E-08F8-4C7F-876C-47E88386B83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*",
"matchCriteriaId": "9C068E27-A3DD-4FD2-81FB-2CFEC3C047CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*",
"matchCriteriaId": "E21A12E6-0802-4BDC-AF71-50D7D0433B87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7EE44A-7D8B-41A5-82A6-04AEE50278CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*",
"matchCriteriaId": "6862529A-1AE5-4E2D-A4B0-E351D1900C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*",
"matchCriteriaId": "4C6B6711-0F75-4FEA-8917-04391FC9D378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC0249C-3CFC-4CD3-9481-9F6BE1FC5E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE639D9-0B1E-4DFB-B275-D11665FDA4AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*",
"matchCriteriaId": "B35E9C41-0F2A-4790-B996-8EC00FA863F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*",
"matchCriteriaId": "28BAB268-3A70-4422-9C6C-49E6453D750D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*",
"matchCriteriaId": "9A5960F1-DDA9-4885-952F-450EC00B5C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*",
"matchCriteriaId": "E725D449-BBC2-40E3-BF53-D9BF7B4F57D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*",
"matchCriteriaId": "B10975CB-56EB-44D0-BDEF-60484B6BD85E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE56C0F-0AF4-45CF-ACA2-0E583BBB3187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*",
"matchCriteriaId": "16A4A1AC-ED08-4EFE-A826-1BB1B5CAB34E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*",
"matchCriteriaId": "BF9D7AD6-6BDB-4519-B9F8-3181E21850FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*",
"matchCriteriaId": "B061FF9A-0D00-429D-9B2F-14EEA41E7A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CB0260-2A96-41A8-81A0-8E9722B22D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*",
"matchCriteriaId": "AE037065-9E33-4A5A-8188-1F086D7BE394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*",
"matchCriteriaId": "70200031-5902-416D-A140-DC2CDFDAF683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*",
"matchCriteriaId": "575C5F15-2C16-4B39-A718-1641DDD88F84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*",
"matchCriteriaId": "9E7BFD7E-9B3F-4D63-BEBC-16F22DA6F8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*",
"matchCriteriaId": "42631437-772B-45E0-A1F3-5D9E2FC77D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*",
"matchCriteriaId": "CA9E62EF-E21F-421F-9A57-54A551CEC441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*",
"matchCriteriaId": "871E046E-013A-4E10-9457-4D1F407519EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E4B06F-AD55-4D61-B966-B38B854C0A75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*",
"matchCriteriaId": "19817731-42C2-4745-88F2-D27258FC7DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*",
"matchCriteriaId": "77479EEE-F81B-4653-8FAD-0AFBA3C71B09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*",
"matchCriteriaId": "0208619E-9179-46D9-8E47-6CB5B4046DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*",
"matchCriteriaId": "6FBAE2A2-B7CB-45F6-A84C-5B9B742A0B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC16904-03FC-42B2-89F0-CA0D59A5FB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*",
"matchCriteriaId": "4E3980D1-54F1-4C2F-B140-B2F18D8958A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*",
"matchCriteriaId": "0C845718-520A-42CB-9BA7-00723694A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB7BF51-DD1A-41E1-B5E5-02A6BADC30DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*",
"matchCriteriaId": "431DA557-0977-43C2-8DEF-127B1BAA9F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*",
"matchCriteriaId": "733C0A5D-3A0A-4449-9DE0-BD06D4942799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E5DAD5-465A-4A53-856A-1F674723EB00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.90:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FE37F4-C8E6-42CC-A799-563637F6B85A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.91:*:*:*:*:*:*:*",
"matchCriteriaId": "72F9DD05-E521-45D3-994E-0400DA0070BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive."
},
{
"lang": "es",
"value": "NTP en versiones anteriores a 4.2.8p7 y 4.3.x en versiones anteriores a 4.3.92, cuando mode7 est\u00e1 habilitado, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (anular ntpd) usando la misma direcci\u00f3n IP varias veces en una directiva unconfig."
}
],
"id": "CVE-2016-2516",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-30T21:59:01.003",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3011"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/88180"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"source": "cve@mitre.org",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/88180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-14 15:30
Modified
2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| ntp | ntp | 4.0.72 | |
| ntp | ntp | 4.0.73 | |
| ntp | ntp | 4.0.90 | |
| ntp | ntp | 4.0.91 | |
| ntp | ntp | 4.0.92 | |
| ntp | ntp | 4.0.93 | |
| ntp | ntp | 4.0.94 | |
| ntp | ntp | 4.0.95 | |
| ntp | ntp | 4.0.96 | |
| ntp | ntp | 4.0.97 | |
| ntp | ntp | 4.0.98 | |
| ntp | ntp | 4.0.99 | |
| ntp | ntp | 4.1.0 | |
| ntp | ntp | 4.1.2 | |
| ntp | ntp | 4.2.0 | |
| ntp | ntp | 4.2.2 | |
| ntp | ntp | 4.2.2p1 | |
| ntp | ntp | 4.2.2p2 | |
| ntp | ntp | 4.2.2p3 | |
| ntp | ntp | 4.2.2p4 | |
| ntp | ntp | 4.2.4 | |
| ntp | ntp | 4.2.4p0 | |
| ntp | ntp | 4.2.4p1 | |
| ntp | ntp | 4.2.4p2 | |
| ntp | ntp | 4.2.4p3 | |
| ntp | ntp | 4.2.4p4 | |
| ntp | ntp | 4.2.4p5 | |
| ntp | ntp | 4.2.4p6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E94AD088-AEF8-4708-9EAE-1A46F7C4DC4E",
"versionEndIncluding": "4.2.4p7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "25AB2D70-2807-4970-ACD3-9B4751A1F9D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "06C78C19-5A09-4883-8144-AE861A244FEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "437C8BA8-F437-4166-838D-EDC64E7A67DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "104AEC97-3C2A-48D2-BA63-08502F88F8D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "87D67E30-E303-4F79-9929-4A5B587FCDB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "B9BD95B5-322C-4CDC-A2DB-A06D4DA3B104",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.94:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD63969-D18D-41AF-9814-DA1A207BDE80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.95:*:*:*:*:*:*:*",
"matchCriteriaId": "7EAD8958-173A-4FCC-9420-A148BA5F73E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.96:*:*:*:*:*:*:*",
"matchCriteriaId": "B271F6AD-D829-4671-8FA7-7D921364B426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.97:*:*:*:*:*:*:*",
"matchCriteriaId": "C25E03A8-46B5-4AC7-8506-4C255D7CC400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.98:*:*:*:*:*:*:*",
"matchCriteriaId": "2C76CD53-CC9F-491A-952F-9A82D6E20058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.99:*:*:*:*:*:*:*",
"matchCriteriaId": "E749D64E-5C47-4A34-9F3C-1D34F8348058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE0C9CBB-D52F-4F7C-B343-E685A3996BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB90A3FB-B107-46CF-A846-48EE0EDF637A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "088BFFA4-1AAB-4699-9793-F731A81B296A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3475779-383A-4128-9145-474EC08030FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "782BAA3D-A639-4B25-83F0-741074C88D7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.2p2:*:*:*:*:*:*:*",
"matchCriteriaId": "EF367FA4-2C7F-4040-89DE-8A97A069A802",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.2p3:*:*:*:*:*:*:*",
"matchCriteriaId": "01D11498-3FC4-4890-9B10-BBA74A01C9E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.2p4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D085796-5574-4EF3-8CD4-3CCEF2867823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0D2303-95BD-4260-86FC-3DFED8532092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.4p0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA843BCD-372A-42F5-A8C0-1AD32FA9E94C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "B980A178-2958-4B36-8AD8-3932B12C5A72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.4p2:*:*:*:*:*:*:*",
"matchCriteriaId": "5D65210A-F80E-4019-91DA-49838369E03F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.4p3:*:*:*:*:*:*:*",
"matchCriteriaId": "29FAB224-3493-4273-A655-10BE44F5B5BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.4p4:*:*:*:*:*:*:*",
"matchCriteriaId": "093F0DD2-9E88-4138-AFF5-69105E7F2C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.4p5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3590927-E242-411D-822A-33337D6B8A4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.4p6:*:*:*:*:*:*:*",
"matchCriteriaId": "20FCD55C-D4A8-4544-81AF-C920B3B48A2F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n cookedprint en ntpq/ntpq.c en ntpq en NTP versiones anteriores a v4.2.4p7-RC2 permite a servidores NTP remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de respuestas manipuladas."
}
],
"id": "CVE-2009-0159",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-14T15:30:00.517",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc"
},
{
"source": "cve@mitre.org",
"url": "http://bugs.pardus.org.tr/show_bug.cgi?id=9532"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://ntp.bkbits.net:8080/ntp-stable/?PAGE=gnupatch\u0026REV=1.1565"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/53593"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1039.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1040.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34608"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35074"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35137"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35138"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35166"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35169"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35253"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35308"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35336"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35416"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35630"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37471"
},
{
"source": "cve@mitre.org",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.566238"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT3549"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2009/dsa-1801"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:092"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/34481"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022033"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0999"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490617"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49838"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19392"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5411"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8386"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8665"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9634"
},
{
"source": "cve@mitre.org",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1651.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://support.ntp.org/bugs/show_bug.cgi?id=1144"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/777-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.pardus.org.tr/show_bug.cgi?id=9532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ntp.bkbits.net:8080/ntp-stable/?PAGE=gnupatch\u0026REV=1.1565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/53593"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1039.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35137"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35336"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.566238"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:092"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/34481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19392"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8386"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1651.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://support.ntp.org/bugs/show_bug.cgi?id=1144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/777-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-09 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| ntp | ntp | 4.0.72 | |
| ntp | ntp | 4.0.73 | |
| ntp | ntp | 4.0.90 | |
| ntp | ntp | 4.0.91 | |
| ntp | ntp | 4.0.92 | |
| ntp | ntp | 4.0.93 | |
| ntp | ntp | 4.0.94 | |
| ntp | ntp | 4.0.95 | |
| ntp | ntp | 4.0.96 | |
| ntp | ntp | 4.0.97 | |
| ntp | ntp | 4.0.98 | |
| ntp | ntp | 4.0.99 | |
| ntp | ntp | 4.1.0 | |
| ntp | ntp | 4.1.2 | |
| ntp | ntp | 4.2.0 | |
| ntp | ntp | 4.2.2 | |
| ntp | ntp | 4.2.2p1 | |
| ntp | ntp | 4.2.2p2 | |
| ntp | ntp | 4.2.2p3 | |
| ntp | ntp | 4.2.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73B1FD64-D156-45BC-9713-77E163DF731C",
"versionEndIncluding": "4.2.2p4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "25AB2D70-2807-4970-ACD3-9B4751A1F9D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "06C78C19-5A09-4883-8144-AE861A244FEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "437C8BA8-F437-4166-838D-EDC64E7A67DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "104AEC97-3C2A-48D2-BA63-08502F88F8D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "87D67E30-E303-4F79-9929-4A5B587FCDB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "B9BD95B5-322C-4CDC-A2DB-A06D4DA3B104",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.94:*:*:*:*:*:*:*",
"matchCriteriaId": "0BD63969-D18D-41AF-9814-DA1A207BDE80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.95:*:*:*:*:*:*:*",
"matchCriteriaId": "7EAD8958-173A-4FCC-9420-A148BA5F73E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.96:*:*:*:*:*:*:*",
"matchCriteriaId": "B271F6AD-D829-4671-8FA7-7D921364B426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.97:*:*:*:*:*:*:*",
"matchCriteriaId": "C25E03A8-46B5-4AC7-8506-4C255D7CC400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.98:*:*:*:*:*:*:*",
"matchCriteriaId": "2C76CD53-CC9F-491A-952F-9A82D6E20058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.0.99:*:*:*:*:*:*:*",
"matchCriteriaId": "E749D64E-5C47-4A34-9F3C-1D34F8348058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE0C9CBB-D52F-4F7C-B343-E685A3996BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB90A3FB-B107-46CF-A846-48EE0EDF637A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "088BFFA4-1AAB-4699-9793-F731A81B296A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3475779-383A-4128-9145-474EC08030FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "782BAA3D-A639-4B25-83F0-741074C88D7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.2p2:*:*:*:*:*:*:*",
"matchCriteriaId": "EF367FA4-2C7F-4040-89DE-8A97A069A802",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.2p3:*:*:*:*:*:*:*",
"matchCriteriaId": "01D11498-3FC4-4890-9B10-BBA74A01C9E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "35C2B888-66D6-45D3-97E3-C711B1C6971A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons."
},
{
"lang": "es",
"value": "ntp_request.c en ntpd en NTP anterior v4.2.4p8, y v4.2.5, permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de CPU y ancho de banda) por uso de MODE_PRIVATE para enviar una suplantaci\u00f3n de (1) petici\u00f3n o (2) paquete respueta lo que lanza continuo intercambio de errores de respuesta MODE_PRIVATE entre dos demonios NTP."
}
],
"id": "CVE-2009-3563",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-09T18:30:00.390",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc"
},
{
"source": "cve@mitre.org",
"url": "http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc"
},
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074"
},
{
"source": "cve@mitre.org",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
},
{
"source": "cve@mitre.org",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
},
{
"source": "cve@mitre.org",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/37629"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/37922"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/38764"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/38794"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/38832"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/38834"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/39593"
},
{
"source": "cve@mitre.org",
"url": "http://security-tracker.debian.org/tracker/CVE-2009-3563"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1023298"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/css/P8/documents/100071808"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659"
},
{
"source": "cve@mitre.org",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1948"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/568372"
},
{
"source": "cve@mitre.org",
"url": "http://www.kb.cert.org/vuls/id/MAPG-7X7V6J"
},
{
"source": "cve@mitre.org",
"url": "http://www.kb.cert.org/vuls/id/MAPG-7X7VD7"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/37255"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/0510"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/0528"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/0993"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213"
},
{
"source": "cve@mitre.org",
"url": "https://lists.ntp.org/pipermail/announce/2009-December/000086.html"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076"
},
{
"source": "cve@mitre.org",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1648.html"
},
{
"source": "cve@mitre.org",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1651.html"
},
{
"source": "cve@mitre.org",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"source": "cve@mitre.org",
"url": "https://support.ntp.org/bugs/show_bug.cgi?id=1331"
},
{
"source": "cve@mitre.org",
"url": "https://www.kb.cert.org/vuls/id/417980"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38764"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38794"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/39593"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security-tracker.debian.org/tracker/CVE-2009-3563"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/css/P8/documents/100071808"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2009/dsa-1948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/568372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.kb.cert.org/vuls/id/MAPG-7X7V6J"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.kb.cert.org/vuls/id/MAPG-7X7VD7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/37255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/0510"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/0528"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/0993"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.ntp.org/pipermail/announce/2009-December/000086.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1648.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1651.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.ntp.org/bugs/show_bug.cgi?id=1331"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.kb.cert.org/vuls/id/417980"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-30 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| ntp | ntp | 4.3.0 | |
| ntp | ntp | 4.3.1 | |
| ntp | ntp | 4.3.2 | |
| ntp | ntp | 4.3.3 | |
| ntp | ntp | 4.3.4 | |
| ntp | ntp | 4.3.5 | |
| ntp | ntp | 4.3.6 | |
| ntp | ntp | 4.3.7 | |
| ntp | ntp | 4.3.8 | |
| ntp | ntp | 4.3.10 | |
| ntp | ntp | 4.3.11 | |
| ntp | ntp | 4.3.12 | |
| ntp | ntp | 4.3.13 | |
| ntp | ntp | 4.3.14 | |
| ntp | ntp | 4.3.15 | |
| ntp | ntp | 4.3.16 | |
| ntp | ntp | 4.3.17 | |
| ntp | ntp | 4.3.18 | |
| ntp | ntp | 4.3.19 | |
| ntp | ntp | 4.3.20 | |
| ntp | ntp | 4.3.21 | |
| ntp | ntp | 4.3.22 | |
| ntp | ntp | 4.3.23 | |
| ntp | ntp | 4.3.24 | |
| ntp | ntp | 4.3.25 | |
| ntp | ntp | 4.3.26 | |
| ntp | ntp | 4.3.27 | |
| ntp | ntp | 4.3.28 | |
| ntp | ntp | 4.3.29 | |
| ntp | ntp | 4.3.30 | |
| ntp | ntp | 4.3.31 | |
| ntp | ntp | 4.3.32 | |
| ntp | ntp | 4.3.33 | |
| ntp | ntp | 4.3.34 | |
| ntp | ntp | 4.3.35 | |
| ntp | ntp | 4.3.36 | |
| ntp | ntp | 4.3.37 | |
| ntp | ntp | 4.3.38 | |
| ntp | ntp | 4.3.39 | |
| ntp | ntp | 4.3.40 | |
| ntp | ntp | 4.3.41 | |
| ntp | ntp | 4.3.42 | |
| ntp | ntp | 4.3.43 | |
| ntp | ntp | 4.3.44 | |
| ntp | ntp | 4.3.45 | |
| ntp | ntp | 4.3.46 | |
| ntp | ntp | 4.3.47 | |
| ntp | ntp | 4.3.48 | |
| ntp | ntp | 4.3.49 | |
| ntp | ntp | 4.3.50 | |
| ntp | ntp | 4.3.51 | |
| ntp | ntp | 4.3.52 | |
| ntp | ntp | 4.3.53 | |
| ntp | ntp | 4.3.54 | |
| ntp | ntp | 4.3.55 | |
| ntp | ntp | 4.3.56 | |
| ntp | ntp | 4.3.57 | |
| ntp | ntp | 4.3.58 | |
| ntp | ntp | 4.3.59 | |
| ntp | ntp | 4.3.60 | |
| ntp | ntp | 4.3.61 | |
| ntp | ntp | 4.3.62 | |
| ntp | ntp | 4.3.63 | |
| ntp | ntp | 4.3.64 | |
| ntp | ntp | 4.3.65 | |
| ntp | ntp | 4.3.66 | |
| ntp | ntp | 4.3.67 | |
| ntp | ntp | 4.3.68 | |
| ntp | ntp | 4.3.69 | |
| ntp | ntp | 4.3.70 | |
| ntp | ntp | 4.3.71 | |
| ntp | ntp | 4.3.72 | |
| ntp | ntp | 4.3.73 | |
| ntp | ntp | 4.3.74 | |
| ntp | ntp | 4.3.75 | |
| ntp | ntp | 4.3.76 | |
| ntp | ntp | 4.3.77 | |
| ntp | ntp | 4.3.78 | |
| ntp | ntp | 4.3.79 | |
| ntp | ntp | 4.3.80 | |
| ntp | ntp | 4.3.81 | |
| ntp | ntp | 4.3.82 | |
| ntp | ntp | 4.3.83 | |
| ntp | ntp | 4.3.84 | |
| ntp | ntp | 4.3.85 | |
| ntp | ntp | 4.3.86 | |
| ntp | ntp | 4.3.87 | |
| ntp | ntp | 4.3.88 | |
| ntp | ntp | 4.3.89 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:p5:*:*:*:*:*:*",
"matchCriteriaId": "99442254-E77A-43F7-8A9B-FC918AC336A6",
"versionEndIncluding": "4.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B23D9009-DF45-44C1-80DF-CEEC9B9E3F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43921601-667E-4415-83BE-E5B39D969BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75DD9C02-0C46-4785-8D77-C5465E4ED967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A497BADE-0516-494F-89FA-EAFC6AD17F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4298439A-EAF2-4CAA-990B-4AA37E7A0E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "30E9C822-C04A-4908-9596-76F9FB561206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "121ED6C5-8985-4DEF-9040-2AC63582E596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "68499DA4-64EF-412F-A434-8E0F78D77CE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "836C5AC9-463F-4703-81B9-7B5484F47A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FED14811-8F49-4796-BADD-DB7973EC32DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D4EB2830-ADE5-4C87-964E-16748BF88EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8C0284FD-2933-4160-80D2-53B32CD73287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D9AB963A-7284-433F-9890-5AE402E4E000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "EEDEFF7A-D964-4D9A-93BF-41E9D16EA793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9C434153-911C-4F07-ADD0-0EAB47F96E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8183B043-8B96-4A8B-A5C9-544D4F1CED8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE349AB-44CB-4263-80CE-59DFD572B363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB55DF6-567F-4B6A-81E1-9013914416D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "80727B0B-AB5E-46CC-9DDF-F319C2D9B242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "E0755962-2D5F-41E6-9BDB-C2ECBCCD2818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBAADB5-FA32-4CF9-A4B2-51EEA300B0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A202FDAD-D757-4850-9D1E-C31B0F3BA718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A345D7-DFC0-4E0D-AAAB-8206C35F63D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*",
"matchCriteriaId": "C4069EF5-DC7D-4487-8636-AC2EAB17BAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*",
"matchCriteriaId": "73DF3A5C-F1D9-468E-BD08-5E2578898DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*",
"matchCriteriaId": "0858AE44-4B0A-4941-B4A8-937B557D1448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*",
"matchCriteriaId": "979C84FF-CB21-4819-B3CA-1A55FDF20BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*",
"matchCriteriaId": "94709B39-C394-4B44-A362-9429F4CB9D50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2E4526AC-6BCC-43A5-B501-263D0ED0655B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*",
"matchCriteriaId": "E04FF6B4-CD1C-4AC1-B286-D6AB705D680B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAFA0C8-1349-43A4-BDAC-3B5A601B9FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA130B1-DD20-4E98-963F-61E85A09E29E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*",
"matchCriteriaId": "9AAC9B73-5020-47C9-803E-ABB6162AADE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A6B7B5-3AC9-4442-BD91-3783C2B4235C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*",
"matchCriteriaId": "D72F5C09-520B-486C-AD9A-9CBBFE6487CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*",
"matchCriteriaId": "097DED37-D3F3-45C4-B131-1C4294406722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*",
"matchCriteriaId": "85A4F607-0A9D-4F84-B50D-28C54E6EDC06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*",
"matchCriteriaId": "8C689CAF-632A-4FF2-8C86-541EEDD574E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*",
"matchCriteriaId": "7B0ACF5B-BBA9-4B6C-B19D-B8AEF7212781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*",
"matchCriteriaId": "E09C8254-73DC-4AFA-A250-A8192DC917F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*",
"matchCriteriaId": "D344FA12-3C5F-418B-9209-EA8BDD230074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*",
"matchCriteriaId": "D1C3A62A-C6F6-4B2E-A254-CDA12BD34DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*",
"matchCriteriaId": "073A0AFF-C5C6-422E-BD63-2353AA4B58E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*",
"matchCriteriaId": "59B5DA29-4139-405D-8AA8-23FAECBBC5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*",
"matchCriteriaId": "73F4D15D-6D2A-4730-B7CF-21284E92FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*",
"matchCriteriaId": "79A0C6AB-813F-4417-A98E-33FBB7AAB939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "815ABF0E-ED94-4426-8889-D3C2AECACC26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*",
"matchCriteriaId": "894612F1-8C51-4F66-AFE7-D8077F63E562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*",
"matchCriteriaId": "63FD3D1E-08F8-4C7F-876C-47E88386B83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*",
"matchCriteriaId": "9C068E27-A3DD-4FD2-81FB-2CFEC3C047CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*",
"matchCriteriaId": "E21A12E6-0802-4BDC-AF71-50D7D0433B87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7EE44A-7D8B-41A5-82A6-04AEE50278CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*",
"matchCriteriaId": "6862529A-1AE5-4E2D-A4B0-E351D1900C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*",
"matchCriteriaId": "4C6B6711-0F75-4FEA-8917-04391FC9D378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC0249C-3CFC-4CD3-9481-9F6BE1FC5E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE639D9-0B1E-4DFB-B275-D11665FDA4AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*",
"matchCriteriaId": "B35E9C41-0F2A-4790-B996-8EC00FA863F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*",
"matchCriteriaId": "28BAB268-3A70-4422-9C6C-49E6453D750D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*",
"matchCriteriaId": "9A5960F1-DDA9-4885-952F-450EC00B5C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*",
"matchCriteriaId": "E725D449-BBC2-40E3-BF53-D9BF7B4F57D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*",
"matchCriteriaId": "B10975CB-56EB-44D0-BDEF-60484B6BD85E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE56C0F-0AF4-45CF-ACA2-0E583BBB3187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*",
"matchCriteriaId": "16A4A1AC-ED08-4EFE-A826-1BB1B5CAB34E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*",
"matchCriteriaId": "BF9D7AD6-6BDB-4519-B9F8-3181E21850FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*",
"matchCriteriaId": "B061FF9A-0D00-429D-9B2F-14EEA41E7A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CB0260-2A96-41A8-81A0-8E9722B22D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*",
"matchCriteriaId": "AE037065-9E33-4A5A-8188-1F086D7BE394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*",
"matchCriteriaId": "70200031-5902-416D-A140-DC2CDFDAF683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*",
"matchCriteriaId": "575C5F15-2C16-4B39-A718-1641DDD88F84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*",
"matchCriteriaId": "9E7BFD7E-9B3F-4D63-BEBC-16F22DA6F8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*",
"matchCriteriaId": "42631437-772B-45E0-A1F3-5D9E2FC77D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*",
"matchCriteriaId": "CA9E62EF-E21F-421F-9A57-54A551CEC441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*",
"matchCriteriaId": "871E046E-013A-4E10-9457-4D1F407519EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E4B06F-AD55-4D61-B966-B38B854C0A75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*",
"matchCriteriaId": "19817731-42C2-4745-88F2-D27258FC7DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*",
"matchCriteriaId": "77479EEE-F81B-4653-8FAD-0AFBA3C71B09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*",
"matchCriteriaId": "0208619E-9179-46D9-8E47-6CB5B4046DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*",
"matchCriteriaId": "6FBAE2A2-B7CB-45F6-A84C-5B9B742A0B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC16904-03FC-42B2-89F0-CA0D59A5FB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*",
"matchCriteriaId": "4E3980D1-54F1-4C2F-B140-B2F18D8958A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*",
"matchCriteriaId": "0C845718-520A-42CB-9BA7-00723694A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB7BF51-DD1A-41E1-B5E5-02A6BADC30DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*",
"matchCriteriaId": "431DA557-0977-43C2-8DEF-127B1BAA9F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*",
"matchCriteriaId": "733C0A5D-3A0A-4449-9DE0-BD06D4942799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E5DAD5-465A-4A53-856A-1F674723EB00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero."
},
{
"lang": "es",
"value": "NTP en versiones anteriores a 4.2.8p6 y 4.3.x en versiones anteriores a 4.3.90 permite a atacantes remotos eludir la validaci\u00f3n de marca horaria de origen a trav\u00e9s de un paquete con una marca horaria de origen puesta a cero."
}
],
"id": "CVE-2015-8138",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-30T21:59:00.723",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0063.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/81811"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"source": "cve@mitre.org",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"source": "cve@mitre.org",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd"
},
{
"source": "cve@mitre.org",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"source": "cve@mitre.org",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0063.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/81811"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-04 20:29
Modified
2024-11-21 03:00
Severity ?
Summary
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*",
"matchCriteriaId": "EE002C76-406D-4F22-B738-E17BDEA70BCC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA79CE41-D873-4A4A-A20C-83EB8772E5FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53E56F4F-B418-44DD-9C97-7276A4C58F3E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hpe:hpux-ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A1FDA7-BE46-4FAB-A3FD-9A40C770C4AB",
"versionEndExcluding": "c.4.2.8.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_net_cp_443-1_opc_ua_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22EFD09A-3D77-47B0-93FB-50F6C13A2F9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_net_cp_443-1_opc_ua:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F488810-73E3-4475-975A-C2FCA037E78B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad explotable de denegaci\u00f3n de servicio (DoS) en la funcionalidad de comprobaci\u00f3n de marca de tiempo de origen de ntpd 4.2.8p9. Se puede emplear un paquete de red no autenticado especialmente manipulado para reiniciar la marca de tiempo de origen esperada para los peers objetivo. Las respuestas leg\u00edtimas de los peers objetivo no pasar\u00e1n la comprobaci\u00f3n de marca de tiempo de origen (TEST2), lo que hace que la respuesta se elimine y se cree una condici\u00f3n de denegaci\u00f3n de servicio (DoS)."
}
],
"id": "CVE-2016-9042",
"lastModified": "2024-11-21T03:00:29.693",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "talos-cna@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-04T20:29:00.417",
"references": [
{
"source": "talos-cna@cisco.com",
"url": "http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html"
},
{
"source": "talos-cna@cisco.com",
"url": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"source": "talos-cna@cisco.com",
"url": "http://seclists.org/fulldisclosure/2017/Nov/7"
},
{
"source": "talos-cna@cisco.com",
"url": "http://seclists.org/fulldisclosure/2017/Sep/62"
},
{
"source": "talos-cna@cisco.com",
"url": "http://www.securityfocus.com/archive/1/540403/100/0/threaded"
},
{
"source": "talos-cna@cisco.com",
"url": "http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded"
},
{
"source": "talos-cna@cisco.com",
"url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97046"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"source": "talos-cna@cisco.com",
"url": "http://www.ubuntu.com/usn/USN-3349-1"
},
{
"source": "talos-cna@cisco.com",
"url": "https://bto.bluecoat.com/security-advisory/sa147"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"source": "talos-cna@cisco.com",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10201"
},
{
"source": "talos-cna@cisco.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
},
{
"source": "talos-cna@cisco.com",
"url": "https://support.apple.com/kb/HT208144"
},
{
"source": "talos-cna@cisco.com",
"url": "https://support.f5.com/csp/article/K39041624"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"source": "talos-cna@cisco.com",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2017/Nov/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2017/Sep/62"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/540403/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-3349-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bto.bluecoat.com/security-advisory/sa147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10201"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/kb/HT208144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K39041624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-20 02:59
Modified
2025-04-12 10:46
Severity ?
Summary
The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E63507D-C475-4379-85A5-185F19BEDCEE",
"versionEndIncluding": "4.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets."
},
{
"lang": "es",
"value": "La funci\u00f3n de recepci\u00f3n en ntp_proto.c en ntpd en NTP anterior a 4.2.8 contin\u00faa ejecutando despu\u00e9s de detectar un cierto error de autenticaci\u00f3n, lo que podr\u00eda permitir a un atacante remoto a provocar una asociaci\u00f3n involuntaria mediante paquetes modificados."
}
],
"id": "CVE-2014-9296",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-20T02:59:03.837",
"references": [
{
"source": "cve@mitre.org",
"url": "http://advisories.mageia.org/MGASA-2014-0541.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=548ad06feXHK1HlZoY-WZVyynwvwAg"
},
{
"source": "cve@mitre.org",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2670"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=142590659431171\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0104.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/62209"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:003"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/71758"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176040"
},
{
"source": "cve@mitre.org",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
},
{
"source": "cve@mitre.org",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10103"
},
{
"source": "cve@mitre.org",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd"
},
{
"source": "cve@mitre.org",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://advisories.mageia.org/MGASA-2014-0541.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=548ad06feXHK1HlZoY-WZVyynwvwAg"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=142590659431171\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0104.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62209"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/71758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-17"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-11 21:15
Modified
2025-02-11 16:15
Severity ?
5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p15:*:*:*:*:*:*",
"matchCriteriaId": "D300A755-9809-4469-8C08-20CB451C83A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp\u003ccpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd."
}
],
"id": "CVE-2023-26551",
"lastModified": "2025-02-11T16:15:35.570",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-11T21:15:21.617",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26551"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-07 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C240BAAB-8C12-4501-9DC6-FB877304E908",
"versionEndExcluding": "4.2.8",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79494F07-6081-497D-8A2D-B05486599EAE",
"versionEndExcluding": "4.3.77",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
"matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "212E1878-1B9A-4CB4-A1CE-EAD60B867161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*",
"matchCriteriaId": "95B173E0-1475-4F8D-A982-86F36BE3DD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FED6CAE-D97F-49E0-9D00-1642A3A427B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*",
"matchCriteriaId": "392A1364-2739-450D-9E19-DFF93081C2C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "21690BAC-2129-4A33-9B48-1F3BF30072A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750."
},
{
"lang": "es",
"value": "La funci\u00f3n crypto_xmit en ntpd en NTP 4.2.x en versiones anteriores a 4.2.8p4, y 4.3.x en versiones anteriores a 4.3.77 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio empleando paquetes manipulados que contengan operaciones de autoclave espec\u00edficas. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2014-9750."
}
],
"id": "CVE-2015-7691",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-07T20:29:00.543",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2899"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77274"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274254"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-11 21:15
Modified
2025-02-11 16:15
Severity ?
5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p15:*:*:*:*:*:*",
"matchCriteriaId": "D300A755-9809-4469-8C08-20CB451C83A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd."
}
],
"id": "CVE-2023-26552",
"lastModified": "2025-02-11T16:15:35.790",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-11T21:15:21.660",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26552"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-20 14:29
Modified
2024-11-21 03:44
Severity ?
Summary
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p11:*:*:*:*:*:*",
"matchCriteriaId": "1C420117-862A-41A9-BAE8-8B3478FAEBC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en ntpq y ntpdc en NTP 4.2.8p11 permite que un atacante logre la ejecuci\u00f3n de c\u00f3digo o escale a mayores privilegios mediante una cadena larga en el argumento para un par\u00e1metro command-line IPv4 o IPv6. NOTA: no se sabe a ciencia cierta si hay situaciones comunes en las que se emplea ntpq o ntpdc con una l\u00ednea de comando de un origen no fiable."
}
],
"id": "CVE-2018-12327",
"lastModified": "2024-11-21T03:44:59.940",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-20T14:29:00.227",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104517"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2018:3853"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2018:3854"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:2077"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011f"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201903-15"
},
{
"source": "cve@mitre.org",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4229-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44909/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2018:3853"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2018:3854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:2077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201903-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4229-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44909/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-13 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
"matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
"matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*",
"matchCriteriaId": "F12E4CF5-536C-416B-AD8D-6AE7CBE22C71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet."
},
{
"lang": "es",
"value": "ntpd en NTP en versiones anteriores a 4.2.8p9 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (rechazar paquetes de modo de difusi\u00f3n) a trav\u00e9s del intervalo de encuesta en un paquete de difusi\u00f3n."
}
],
"id": "CVE-2016-7428",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-13T16:59:00.387",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3113"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94446"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1037354"
},
{
"source": "cve@mitre.org",
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"source": "cve@mitre.org",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"source": "cve@mitre.org",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"source": "cve@mitre.org",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03883en_us"
},
{
"source": "cve@mitre.org",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03899en_us"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94446"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03883en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03899en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-27 17:59
Modified
2025-04-20 01:37
Severity ?
Summary
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.3.0 | |
| ntp | ntp | 4.3.1 | |
| ntp | ntp | 4.3.2 | |
| ntp | ntp | 4.3.3 | |
| ntp | ntp | 4.3.4 | |
| ntp | ntp | 4.3.5 | |
| ntp | ntp | 4.3.6 | |
| ntp | ntp | 4.3.7 | |
| ntp | ntp | 4.3.8 | |
| ntp | ntp | 4.3.9 | |
| ntp | ntp | 4.3.10 | |
| ntp | ntp | 4.3.11 | |
| ntp | ntp | 4.3.12 | |
| ntp | ntp | 4.3.13 | |
| ntp | ntp | 4.3.14 | |
| ntp | ntp | 4.3.15 | |
| ntp | ntp | 4.3.16 | |
| ntp | ntp | 4.3.17 | |
| ntp | ntp | 4.3.18 | |
| ntp | ntp | 4.3.19 | |
| ntp | ntp | 4.3.20 | |
| ntp | ntp | 4.3.21 | |
| ntp | ntp | 4.3.22 | |
| ntp | ntp | 4.3.23 | |
| ntp | ntp | 4.3.24 | |
| ntp | ntp | 4.3.25 | |
| ntp | ntp | 4.3.26 | |
| ntp | ntp | 4.3.27 | |
| ntp | ntp | 4.3.28 | |
| ntp | ntp | 4.3.29 | |
| ntp | ntp | 4.3.30 | |
| ntp | ntp | 4.3.31 | |
| ntp | ntp | 4.3.32 | |
| ntp | ntp | 4.3.33 | |
| ntp | ntp | 4.3.34 | |
| ntp | ntp | 4.3.35 | |
| ntp | ntp | 4.3.36 | |
| ntp | ntp | 4.3.37 | |
| ntp | ntp | 4.3.38 | |
| ntp | ntp | 4.3.39 | |
| ntp | ntp | 4.3.40 | |
| ntp | ntp | 4.3.41 | |
| ntp | ntp | 4.3.42 | |
| ntp | ntp | 4.3.43 | |
| ntp | ntp | 4.3.44 | |
| ntp | ntp | 4.3.45 | |
| ntp | ntp | 4.3.46 | |
| ntp | ntp | 4.3.47 | |
| ntp | ntp | 4.3.48 | |
| ntp | ntp | 4.3.49 | |
| ntp | ntp | 4.3.50 | |
| ntp | ntp | 4.3.51 | |
| ntp | ntp | 4.3.52 | |
| ntp | ntp | 4.3.53 | |
| ntp | ntp | 4.3.54 | |
| ntp | ntp | 4.3.55 | |
| ntp | ntp | 4.3.56 | |
| ntp | ntp | 4.3.57 | |
| ntp | ntp | 4.3.58 | |
| ntp | ntp | 4.3.59 | |
| ntp | ntp | 4.3.60 | |
| ntp | ntp | 4.3.61 | |
| ntp | ntp | 4.3.62 | |
| ntp | ntp | 4.3.63 | |
| ntp | ntp | 4.3.64 | |
| ntp | ntp | 4.3.65 | |
| ntp | ntp | 4.3.66 | |
| ntp | ntp | 4.3.67 | |
| ntp | ntp | 4.3.68 | |
| ntp | ntp | 4.3.69 | |
| ntp | ntp | 4.3.70 | |
| ntp | ntp | 4.3.71 | |
| ntp | ntp | 4.3.72 | |
| ntp | ntp | 4.3.73 | |
| ntp | ntp | 4.3.74 | |
| ntp | ntp | 4.3.75 | |
| ntp | ntp | 4.3.76 | |
| ntp | ntp | 4.3.77 | |
| ntp | ntp | 4.3.78 | |
| ntp | ntp | 4.3.79 | |
| ntp | ntp | 4.3.80 | |
| ntp | ntp | 4.3.81 | |
| ntp | ntp | 4.3.82 | |
| ntp | ntp | 4.3.83 | |
| ntp | ntp | 4.3.84 | |
| ntp | ntp | 4.3.85 | |
| ntp | ntp | 4.3.86 | |
| ntp | ntp | 4.3.87 | |
| ntp | ntp | 4.3.88 | |
| ntp | ntp | 4.3.89 | |
| ntp | ntp | 4.3.90 | |
| ntp | ntp | 4.3.91 | |
| ntp | ntp | 4.3.92 | |
| ntp | ntp | 4.3.93 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*",
"matchCriteriaId": "EE002C76-406D-4F22-B738-E17BDEA70BCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B23D9009-DF45-44C1-80DF-CEEC9B9E3F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43921601-667E-4415-83BE-E5B39D969BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75DD9C02-0C46-4785-8D77-C5465E4ED967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A497BADE-0516-494F-89FA-EAFC6AD17F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4298439A-EAF2-4CAA-990B-4AA37E7A0E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "30E9C822-C04A-4908-9596-76F9FB561206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "842963D1-C78C-48B5-A8D2-BC018854E5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "121ED6C5-8985-4DEF-9040-2AC63582E596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "68499DA4-64EF-412F-A434-8E0F78D77CE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "836C5AC9-463F-4703-81B9-7B5484F47A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FED14811-8F49-4796-BADD-DB7973EC32DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D4EB2830-ADE5-4C87-964E-16748BF88EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8C0284FD-2933-4160-80D2-53B32CD73287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D9AB963A-7284-433F-9890-5AE402E4E000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "EEDEFF7A-D964-4D9A-93BF-41E9D16EA793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9C434153-911C-4F07-ADD0-0EAB47F96E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8183B043-8B96-4A8B-A5C9-544D4F1CED8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE349AB-44CB-4263-80CE-59DFD572B363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB55DF6-567F-4B6A-81E1-9013914416D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "80727B0B-AB5E-46CC-9DDF-F319C2D9B242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "E0755962-2D5F-41E6-9BDB-C2ECBCCD2818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBAADB5-FA32-4CF9-A4B2-51EEA300B0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A202FDAD-D757-4850-9D1E-C31B0F3BA718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A345D7-DFC0-4E0D-AAAB-8206C35F63D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*",
"matchCriteriaId": "C4069EF5-DC7D-4487-8636-AC2EAB17BAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*",
"matchCriteriaId": "73DF3A5C-F1D9-468E-BD08-5E2578898DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*",
"matchCriteriaId": "0858AE44-4B0A-4941-B4A8-937B557D1448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*",
"matchCriteriaId": "979C84FF-CB21-4819-B3CA-1A55FDF20BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*",
"matchCriteriaId": "94709B39-C394-4B44-A362-9429F4CB9D50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2E4526AC-6BCC-43A5-B501-263D0ED0655B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*",
"matchCriteriaId": "E04FF6B4-CD1C-4AC1-B286-D6AB705D680B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAFA0C8-1349-43A4-BDAC-3B5A601B9FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA130B1-DD20-4E98-963F-61E85A09E29E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*",
"matchCriteriaId": "9AAC9B73-5020-47C9-803E-ABB6162AADE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A6B7B5-3AC9-4442-BD91-3783C2B4235C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*",
"matchCriteriaId": "D72F5C09-520B-486C-AD9A-9CBBFE6487CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*",
"matchCriteriaId": "097DED37-D3F3-45C4-B131-1C4294406722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*",
"matchCriteriaId": "85A4F607-0A9D-4F84-B50D-28C54E6EDC06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*",
"matchCriteriaId": "8C689CAF-632A-4FF2-8C86-541EEDD574E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*",
"matchCriteriaId": "7B0ACF5B-BBA9-4B6C-B19D-B8AEF7212781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*",
"matchCriteriaId": "E09C8254-73DC-4AFA-A250-A8192DC917F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*",
"matchCriteriaId": "D344FA12-3C5F-418B-9209-EA8BDD230074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*",
"matchCriteriaId": "D1C3A62A-C6F6-4B2E-A254-CDA12BD34DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*",
"matchCriteriaId": "073A0AFF-C5C6-422E-BD63-2353AA4B58E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*",
"matchCriteriaId": "59B5DA29-4139-405D-8AA8-23FAECBBC5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*",
"matchCriteriaId": "73F4D15D-6D2A-4730-B7CF-21284E92FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*",
"matchCriteriaId": "79A0C6AB-813F-4417-A98E-33FBB7AAB939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "815ABF0E-ED94-4426-8889-D3C2AECACC26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*",
"matchCriteriaId": "894612F1-8C51-4F66-AFE7-D8077F63E562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*",
"matchCriteriaId": "63FD3D1E-08F8-4C7F-876C-47E88386B83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*",
"matchCriteriaId": "9C068E27-A3DD-4FD2-81FB-2CFEC3C047CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*",
"matchCriteriaId": "E21A12E6-0802-4BDC-AF71-50D7D0433B87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7EE44A-7D8B-41A5-82A6-04AEE50278CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*",
"matchCriteriaId": "6862529A-1AE5-4E2D-A4B0-E351D1900C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*",
"matchCriteriaId": "4C6B6711-0F75-4FEA-8917-04391FC9D378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC0249C-3CFC-4CD3-9481-9F6BE1FC5E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE639D9-0B1E-4DFB-B275-D11665FDA4AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*",
"matchCriteriaId": "B35E9C41-0F2A-4790-B996-8EC00FA863F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*",
"matchCriteriaId": "28BAB268-3A70-4422-9C6C-49E6453D750D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*",
"matchCriteriaId": "9A5960F1-DDA9-4885-952F-450EC00B5C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*",
"matchCriteriaId": "E725D449-BBC2-40E3-BF53-D9BF7B4F57D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*",
"matchCriteriaId": "B10975CB-56EB-44D0-BDEF-60484B6BD85E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE56C0F-0AF4-45CF-ACA2-0E583BBB3187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*",
"matchCriteriaId": "16A4A1AC-ED08-4EFE-A826-1BB1B5CAB34E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*",
"matchCriteriaId": "BF9D7AD6-6BDB-4519-B9F8-3181E21850FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*",
"matchCriteriaId": "B061FF9A-0D00-429D-9B2F-14EEA41E7A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CB0260-2A96-41A8-81A0-8E9722B22D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*",
"matchCriteriaId": "AE037065-9E33-4A5A-8188-1F086D7BE394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*",
"matchCriteriaId": "70200031-5902-416D-A140-DC2CDFDAF683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*",
"matchCriteriaId": "575C5F15-2C16-4B39-A718-1641DDD88F84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*",
"matchCriteriaId": "9E7BFD7E-9B3F-4D63-BEBC-16F22DA6F8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*",
"matchCriteriaId": "42631437-772B-45E0-A1F3-5D9E2FC77D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*",
"matchCriteriaId": "CA9E62EF-E21F-421F-9A57-54A551CEC441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*",
"matchCriteriaId": "871E046E-013A-4E10-9457-4D1F407519EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E4B06F-AD55-4D61-B966-B38B854C0A75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*",
"matchCriteriaId": "19817731-42C2-4745-88F2-D27258FC7DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*",
"matchCriteriaId": "77479EEE-F81B-4653-8FAD-0AFBA3C71B09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*",
"matchCriteriaId": "0208619E-9179-46D9-8E47-6CB5B4046DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*",
"matchCriteriaId": "6FBAE2A2-B7CB-45F6-A84C-5B9B742A0B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC16904-03FC-42B2-89F0-CA0D59A5FB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*",
"matchCriteriaId": "4E3980D1-54F1-4C2F-B140-B2F18D8958A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*",
"matchCriteriaId": "0C845718-520A-42CB-9BA7-00723694A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB7BF51-DD1A-41E1-B5E5-02A6BADC30DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*",
"matchCriteriaId": "431DA557-0977-43C2-8DEF-127B1BAA9F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*",
"matchCriteriaId": "733C0A5D-3A0A-4449-9DE0-BD06D4942799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E5DAD5-465A-4A53-856A-1F674723EB00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.90:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FE37F4-C8E6-42CC-A799-563637F6B85A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.91:*:*:*:*:*:*:*",
"matchCriteriaId": "72F9DD05-E521-45D3-994E-0400DA0070BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.92:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DA733E-A2BB-4F72-BE9A-AF1ADD1881A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.93:*:*:*:*:*:*:*",
"matchCriteriaId": "816E4E2B-7E33-49A0-85E1-EF1755F6BB45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option."
},
{
"lang": "es",
"value": "NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de una configuraci\u00f3n no v\u00e1lida en al directiva :config, relacionado con la opci\u00f3n unpeer."
}
],
"id": "CVE-2017-6463",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-27T17:59:00.773",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3387"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97049"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:3071"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2018:0855"
},
{
"source": "cve@mitre.org",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
},
{
"source": "cve@mitre.org",
"url": "https://support.apple.com/HT208144"
},
{
"source": "cve@mitre.org",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3387"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:3071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2018:0855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT208144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/3707-2/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-06 20:29
Modified
2025-01-14 19:29
Severity ?
Summary
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| ntp | ntp | * | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| synology | router_manager | * | |
| synology | skynas | * | |
| synology | virtual_diskstation_manager | * | |
| synology | diskstation_manager | * | |
| synology | vs960hd_firmware | * | |
| synology | vs960hd | - | |
| netapp | hci | - | |
| netapp | solidfire | - | |
| hpe | hpux-ntp | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C240BAAB-8C12-4501-9DC6-FB877304E908",
"versionEndExcluding": "4.2.8",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A5D4FE7-07FC-4869-84F2-4FA767490A73",
"versionEndExcluding": "4.3.92",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
"matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*",
"matchCriteriaId": "75A9AA28-1B20-44BB-815C-7294A53E910E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
"matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synology:router_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7B0AEDA-4FC3-4AD8-ADE3-356A4498AF95",
"versionEndExcluding": "1.1.6-6931-3",
"versionStartIncluding": "1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synology:skynas:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C114627A-7D1E-4B0C-B004-9CFAC78F2F0F",
"versionEndExcluding": "6.1.5-15254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synology:virtual_diskstation_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E65C1F9D-C457-49E8-A46B-9B15D5FCE5C7",
"versionEndExcluding": "6.1.6-15266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B270650E-B819-4CE6-B129-BF90CE8B2A03",
"versionEndExcluding": "6.1.6-15266",
"versionStartIncluding": "5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:synology:vs960hd_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A606357-7469-43AD-8B5A-152C43D017DF",
"versionEndExcluding": "2.2.3-1505",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CCBDFF9-AF42-4681-879B-CF789EBAD130",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6E548F-62E9-40CB-85DA-FDAA0F0096C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hpe:hpux-ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A1FDA7-BE46-4FAB-A3FD-9A40C770C4AB",
"versionEndExcluding": "c.4.2.8.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim\u0027s clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549."
},
{
"lang": "es",
"value": "ntpd en ntp, en versiones 4.2.x anteriores a la 4.2.8p7 y versiones 4.3.x anteriores a la 4.3.92, permite que usuarios autenticados que conozcan la clave privada sim\u00e9trica creen de forma arbitraria muchas asociaciones ef\u00edmeras para ganar la selecci\u00f3n de reloj de ntpd y modifiquen el reloj de una v\u00edctima mediante un ataque Sybil. Este problema existe debido a una soluci\u00f3n incompleta para CVE-2016-1549."
}
],
"id": "CVE-2018-7170",
"lastModified": "2025-01-14T19:29:55.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-06T20:29:01.297",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3415"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103194"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550214"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201805-12"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3415"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201805-12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-20 02:59
Modified
2025-04-12 10:46
Severity ?
Summary
The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E63507D-C475-4379-85A5-185F19BEDCEE",
"versionEndIncluding": "4.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack."
},
{
"lang": "es",
"value": "La funci\u00f3n config_auth en ntpd en NTP anterior a 4.2.7p11, cuando no se configura una clave de autenticaci\u00f3n, incorr\u00e9ctamente genera una clave, esto hace que atacantes remotos puedan romper los mecanismos de protecci\u00f3n f\u00e1cilmente mediante un ataque de fuerza bruta."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/332.html\"\u003eCWE-332: Insufficient Entropy in PRNG\u003c/a\u003e",
"id": "CVE-2014-9293",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-20T02:59:00.053",
"references": [
{
"source": "cve@mitre.org",
"url": "http://advisories.mageia.org/MGASA-2014-0541.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://bk1.ntp.org/ntp-dev/ntpd/ntp_config.c?PAGE=diffs\u0026REV=4b6089c5KXhXqZqocF0DMXnQQsjOuw"
},
{
"source": "cve@mitre.org",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2665"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=142469153211996\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=142590659431171\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2014-2025.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0104.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/62209"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:003"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/71757"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176032"
},
{
"source": "cve@mitre.org",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
},
{
"source": "cve@mitre.org",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783"
},
{
"source": "cve@mitre.org",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10103"
},
{
"source": "cve@mitre.org",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd"
},
{
"source": "cve@mitre.org",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://advisories.mageia.org/MGASA-2014-0541.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://bk1.ntp.org/ntp-dev/ntpd/ntp_config.c?PAGE=diffs\u0026REV=4b6089c5KXhXqZqocF0DMXnQQsjOuw"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=142469153211996\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=142590659431171\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-2025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0104.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62209"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/71757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-05 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| ntp | ntp | * | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| oracle | solaris | 10 | |
| oracle | solaris | 11.3 | |
| suse | manager_proxy | 2.1 | |
| suse | openstack_cloud | 5 | |
| novell | suse_manager | 2.1 | |
| opensuse | leap | 42.1 | |
| opensuse | opensuse | 13.2 | |
| suse | linux_enterprise_desktop | 12 | |
| suse | linux_enterprise_server | 11 | |
| suse | linux_enterprise_server | 11 | |
| suse | linux_enterprise_server | 11 | |
| suse | linux_enterprise_server | 12 | |
| siemens | simatic_net_cp_443-1_opc_ua_firmware | * | |
| siemens | simatic_net_cp_443-1_opc_ua | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C240BAAB-8C12-4501-9DC6-FB877304E908",
"versionEndExcluding": "4.2.8",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "863751A2-A97F-47CD-8D57-6D60E6F3593D",
"versionEndExcluding": "4.3.93",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
"matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*",
"matchCriteriaId": "75A9AA28-1B20-44BB-815C-7294A53E910E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
"matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
"matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*",
"matchCriteriaId": "964B57CD-CB8A-4520-B358-1C93EC5EF2DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBED083-B935-4C47-BBDA-F39D8EA277ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:suse:openstack_cloud:5:*:*:*:*:*:*:*",
"matchCriteriaId": "BD6136E8-74DE-48AF-A8AB-B0E93D34870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_manager:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "514646C5-C5D4-487E-8950-B3A2B1DE8EEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
"matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
"matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
"matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_net_cp_443-1_opc_ua_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22EFD09A-3D77-47B0-93FB-50F6C13A2F9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_net_cp_443-1_opc_ua:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F488810-73E3-4475-975A-C2FCA037E78B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548."
},
{
"lang": "es",
"value": "ntpd en NTP 4.x en versiones anteriores a 4.2.8p8 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (transici\u00f3n de modo intercalado y cambio de hora) a trav\u00e9s de un paquete de difusi\u00f3n manipulado. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2016-1548."
}
],
"id": "CVE-2016-4956",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-05T01:59:03.283",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://bugs.ntp.org/3042"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3042"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"source": "cve@mitre.org",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/321640"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91009"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036037"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"source": "cve@mitre.org",
"url": "https://www.kb.cert.org/vuls/id/321640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://bugs.ntp.org/3042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/321640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.kb.cert.org/vuls/id/321640"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-30 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "510BE484-3C5F-4025-A4C4-60A72CEAE08E",
"versionEndIncluding": "4.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3207DA93-AFE7-45D8-90DA-A12F6AB76293",
"versionEndExcluding": "4.3.90",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
"matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*",
"matchCriteriaId": "75A9AA28-1B20-44BB-815C-7294A53E910E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
"matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:tim_4r-ie_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0730ED6-676B-4200-BC07-C0B4531B242C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:tim_4r-ie:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25D94EFB-8CB5-485B-9F16-EF70E3944C97",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:tim_4r-ie_dnp3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98F55394-62EB-433D-B459-6B657909D2C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:tim_4r-ie_dnp3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE27728D-D37B-43FC-BA8A-0E930DDBD10B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:-:*:*:*:*:*:*",
"matchCriteriaId": "A308448F-7FAD-4CAA-B204-94979A0055EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p1:*:*:*:*:*:*",
"matchCriteriaId": "9D942069-86FD-4777-B144-27F68845510F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p10:*:*:*:*:*:*",
"matchCriteriaId": "8BCB79FA-CF26-4DA9-BE6B-DB38F4BD76DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p12:*:*:*:*:*:*",
"matchCriteriaId": "6937683B-ADC8-452E-BCD7-34ED8656D75E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p13:*:*:*:*:*:*",
"matchCriteriaId": "0B50A898-C510-4582-8931-2820D2FFB646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p16:*:*:*:*:*:*",
"matchCriteriaId": "5016E4BB-D905-49BF-8B23-40DD9F9BC133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p19:*:*:*:*:*:*",
"matchCriteriaId": "C4009691-42D4-4E04-BA72-EAC9E30C30E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p2:*:*:*:*:*:*",
"matchCriteriaId": "AC531D8E-31B3-48B1-8B79-85B9FB67CF0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p20:*:*:*:*:*:*",
"matchCriteriaId": "4B161FA9-E1A8-407B-80A9-9F57DF4E6932",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p21:*:*:*:*:*:*",
"matchCriteriaId": "C608B9D9-28DD-4470-A5A2-96B030E8EA0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p22:*:*:*:*:*:*",
"matchCriteriaId": "50702FA4-624E-4C47-B672-8479ED7EB00C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p23:*:*:*:*:*:*",
"matchCriteriaId": "A05DE064-17DC-4BC3-BFA7-1FF31324BB5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p24:*:*:*:*:*:*",
"matchCriteriaId": "3785D821-D809-4948-92E0-CD6F93D06D56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p25:*:*:*:*:*:*",
"matchCriteriaId": "4F309C4D-DBE9-4FDC-9F71-670FE84E8859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p28:*:*:*:*:*:*",
"matchCriteriaId": "F6DF73AA-4270-46C1-BD19-EE0EAE39B6EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p3:*:*:*:*:*:*",
"matchCriteriaId": "B9D919A6-BBEC-416C-8FC0-5CA7B0191E82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p30:*:*:*:*:*:*",
"matchCriteriaId": "BC7FC9A7-46A4-4BEC-AD3D-4E986BBB4B1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p31:*:*:*:*:*:*",
"matchCriteriaId": "6C1380CA-757C-442D-A15E-7C1EEF309BC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p32:*:*:*:*:*:*",
"matchCriteriaId": "B4E26747-28E7-46C6-B9D2-949E7D2B9076",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p33:*:*:*:*:*:*",
"matchCriteriaId": "0D16FE35-E17F-4520-B2AA-916F586DE052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p34:*:*:*:*:*:*",
"matchCriteriaId": "02A6E6C3-1DBF-41C5-8377-A3058AF1A1A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p5:*:*:*:*:*:*",
"matchCriteriaId": "22A2F317-2F1A-4D3F-8E31-B5ABFCEE2AAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p6:*:*:*:*:*:*",
"matchCriteriaId": "179468E8-0FB7-4E1A-9002-AFC8753027AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p7:*:*:*:*:*:*",
"matchCriteriaId": "CF8563F3-DD91-4272-B72D-08F66E2E44C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p8:*:*:*:*:*:*",
"matchCriteriaId": "642BCA8F-6432-43D2-9E74-565CC71A9DD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p9:*:*:*:*:*:*",
"matchCriteriaId": "09003BFB-72FB-4F89-B62C-4A2505E60630",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:-:*:*:*:*:*:*",
"matchCriteriaId": "794DB6C2-514F-4353-AC31-025D53FFC3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p1:*:*:*:*:*:*",
"matchCriteriaId": "55448583-DD8E-44FA-9033-CEB8E63FC2C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p10:*:*:*:*:*:*",
"matchCriteriaId": "A238C1FE-D4D3-4EEC-ACBE-341B112123EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p12:*:*:*:*:*:*",
"matchCriteriaId": "BABAD599-782F-4BFE-9EE2-0668ECAAC349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p15:*:*:*:*:*:*",
"matchCriteriaId": "C263C188-EA00-4110-B9A5-16C0CD0F1DE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p16:*:*:*:*:*:*",
"matchCriteriaId": "75F93217-BCD4-4AD4-9621-49C83BA3FFD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p17:*:*:*:*:*:*",
"matchCriteriaId": "1860A2E7-8E58-4082-9C71-E4F383244953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p18:*:*:*:*:*:*",
"matchCriteriaId": "B07FABAF-00CF-4284-AAC2-F3D6DA3D3841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p19:*:*:*:*:*:*",
"matchCriteriaId": "87440763-A4AF-44E9-AB26-155313A64269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p2:*:*:*:*:*:*",
"matchCriteriaId": "5F2A6E84-E37B-4E21-BBD9-FDB878D53D58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p22:*:*:*:*:*:*",
"matchCriteriaId": "2D5B97BE-4A7F-4482-8A7F-A7DB5314CEA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p24:*:*:*:*:*:*",
"matchCriteriaId": "256FDB00-0427-4B72-B9FA-1FE4AD56EC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p25:*:*:*:*:*:*",
"matchCriteriaId": "5EC0C4BA-089F-44B1-A49B-2CDDEC86997B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p26:*:*:*:*:*:*",
"matchCriteriaId": "F7713F76-A9C7-498B-BEEC-B022D13268A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p27:*:*:*:*:*:*",
"matchCriteriaId": "E51647B0-B346-4FCB-97BE-22D43D002B17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p3:*:*:*:*:*:*",
"matchCriteriaId": "D5F7A00A-5A6B-46FA-8527-14917C50555A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p4:*:*:*:*:*:*",
"matchCriteriaId": "466EA7B2-FBAF-4325-AD99-F5F4B0E5C0AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p5:*:*:*:*:*:*",
"matchCriteriaId": "EAD3F82B-E13C-40CE-BF65-4DA204FCDE93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p6:*:*:*:*:*:*",
"matchCriteriaId": "23E2935E-7159-45A2-9164-978453F24BDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p7:*:*:*:*:*:*",
"matchCriteriaId": "1B7F75CF-F808-4BD6-9A46-AA5C1989F740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p8:*:*:*:*:*:*",
"matchCriteriaId": "3EC40899-2775-45B9-96C1-8A9E7FAB7A64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p9:*:*:*:*:*:*",
"matchCriteriaId": "A22BC7A2-BA8D-4C1D-A51A-7DF7EDEDDCC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.2:-:*:*:*:*:*:*",
"matchCriteriaId": "C1C1DA92-2184-4FB0-8392-AF80E7D6EB2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "C59FCA1F-C2F9-4E11-A457-7979C94ECD3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.2:p10:*:*:*:*:*:*",
"matchCriteriaId": "13BA0876-9EFB-474E-83BB-9A53F38ADD4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.2:p2:*:*:*:*:*:*",
"matchCriteriaId": "041C28B8-8EA6-461D-B6CB-13E3B9FF8411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.2:p5:*:*:*:*:*:*",
"matchCriteriaId": "91362F1A-CB09-4505-A724-332C743D9624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.2:p7:*:*:*:*:*:*",
"matchCriteriaId": "D7F738CA-C3F4-4A30-9FF6-F0BD1DC1CC84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.2:p8:*:*:*:*:*:*",
"matchCriteriaId": "44685E95-3139-4A82-9A8B-EB5379DF0558",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.2:p9:*:*:*:*:*:*",
"matchCriteriaId": "8F92482C-F8B9-47A7-B5F1-ACBAC2A91646",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
"matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command."
},
{
"lang": "es",
"value": "ntpd en NTP en versiones anteriores a 4.2.8p6 y 4.3.x en versiones anteriores a 4.3.90 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (referencia a puntero NULL) mediante un comando ntpdc reslist."
}
],
"id": "CVE-2015-7977",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-30T21:59:00.410",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2939"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/81815"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/81815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-07 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| ntp | ntp | * | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.5 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| netapp | oncommand_balance | - | |
| netapp | oncommand_performance_manager | - | |
| netapp | oncommand_unified_manager | - | |
| netapp | clustered_data_ontap | - | |
| netapp | data_ontap | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB9B114E-15BF-4731-9296-A8F82591B418",
"versionEndExcluding": "4.2.8",
"versionStartIncluding": "4.2.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79494F07-6081-497D-8A2D-B05486599EAE",
"versionEndExcluding": "4.3.77",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p186:*:*:*:*:*:*",
"matchCriteriaId": "D5D4B9E2-A28F-4E43-980C-698F833D03DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p187:*:*:*:*:*:*",
"matchCriteriaId": "3C78C23F-3125-4CAB-B75D-EA105A5C5D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p188:*:*:*:*:*:*",
"matchCriteriaId": "0A5267AF-4F05-4124-89B2-AC705C181FA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p189:*:*:*:*:*:*",
"matchCriteriaId": "00E07D52-2DEE-4ACF-AA82-4DD108D25B7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p190:*:*:*:*:*:*",
"matchCriteriaId": "A0FB2BFD-AE6A-46D5-828A-0CAE5E445B79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p191:*:*:*:*:*:*",
"matchCriteriaId": "7A25BD2C-AF41-4438-B32D-44BD331E8D22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p192:*:*:*:*:*:*",
"matchCriteriaId": "10D2C131-7219-4416-9A3F-262615760DC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p193:*:*:*:*:*:*",
"matchCriteriaId": "7EE354F9-58B9-4DCD-91EC-030F079EC8E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p194:*:*:*:*:*:*",
"matchCriteriaId": "3E129E07-8B34-45C5-BDAC-89B8ECA960DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p195:*:*:*:*:*:*",
"matchCriteriaId": "B826EAE0-D9BA-4C7D-A5BE-561E5AB35664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p196:*:*:*:*:*:*",
"matchCriteriaId": "931932A6-D19A-4B85-A90A-BA52D9AFA9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p197:*:*:*:*:*:*",
"matchCriteriaId": "516748AA-9E25-4C2C-8D58-7E75D373F6D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p198:*:*:*:*:*:*",
"matchCriteriaId": "61DC3B1A-7264-44F2-915A-716FD133E5C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p199:*:*:*:*:*:*",
"matchCriteriaId": "DFD406BC-AFDE-4425-9C63-7D58ADCC24C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p200:*:*:*:*:*:*",
"matchCriteriaId": "86F9B4C0-0504-43ED-B64C-894E4B4E77E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p201:*:*:*:*:*:*",
"matchCriteriaId": "A2A9EB64-BB4A-4E4E-994B-0145AD134588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p202:*:*:*:*:*:*",
"matchCriteriaId": "655A7FF1-672A-490F-9E41-0AA40A1DEFEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p203:*:*:*:*:*:*",
"matchCriteriaId": "EA207F59-B630-4BBB-9CD7-BA7B64581907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p204:*:*:*:*:*:*",
"matchCriteriaId": "06AE2082-B219-4E94-89E8-E1328224C9D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p205:*:*:*:*:*:*",
"matchCriteriaId": "6E0F5656-3E41-4568-A810-F2CFA3677488",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p206:*:*:*:*:*:*",
"matchCriteriaId": "934152EB-5F5A-4BD8-B832-3B342551F9AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p207:*:*:*:*:*:*",
"matchCriteriaId": "6936BEB5-B765-45C5-B671-A9D0CC4988C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p208:*:*:*:*:*:*",
"matchCriteriaId": "BAA1E4CD-45EE-4814-AC6B-DE786C5B3B6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p209:*:*:*:*:*:*",
"matchCriteriaId": "95779DD0-C768-4B1C-A720-23BE19606B23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p210:*:*:*:*:*:*",
"matchCriteriaId": "1B035472-2B64-4BE4-8D25-6E31937641E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p211:*:*:*:*:*:*",
"matchCriteriaId": "3CE88876-F0BB-43A1-9A4A-91C5D6FFC02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p212:*:*:*:*:*:*",
"matchCriteriaId": "4E4BE466-B479-47BA-9A1F-F0184E252103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p213:*:*:*:*:*:*",
"matchCriteriaId": "4E6D7F8F-EF71-44E6-B33F-E0265266C616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p214:*:*:*:*:*:*",
"matchCriteriaId": "AC47FB1E-289A-4AA1-9DF1-0CEE13C9335F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p215:*:*:*:*:*:*",
"matchCriteriaId": "B7BC8DB4-E715-44F1-8759-0414613C9F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p216:*:*:*:*:*:*",
"matchCriteriaId": "5AF5BC27-EE65-4FB4-975E-FA3933B3202C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p217:*:*:*:*:*:*",
"matchCriteriaId": "795D50A9-41E5-40CE-88E9-391229607301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p218:*:*:*:*:*:*",
"matchCriteriaId": "1DE4338B-F5B3-4410-886D-0F28A7ECE824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p219:*:*:*:*:*:*",
"matchCriteriaId": "B1463DC6-D0C7-46E6-8418-B7900C99D079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p220:*:*:*:*:*:*",
"matchCriteriaId": "C5B7AA5B-2BD5-4F19-A8BB-DF4677995602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p221:*:*:*:*:*:*",
"matchCriteriaId": "DBCF724B-5018-4794-97D9-D8EDC2F04060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p222:*:*:*:*:*:*",
"matchCriteriaId": "2A62EAF1-3D51-456F-BBE3-A2E8CBE7960D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p223:*:*:*:*:*:*",
"matchCriteriaId": "67D86D6C-A8A3-4CD4-B1A5-57941B51C732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p224:*:*:*:*:*:*",
"matchCriteriaId": "E793243F-4179-46C9-B422-DC3D6E688B2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p225:*:*:*:*:*:*",
"matchCriteriaId": "6EAC9B6E-3A88-4DED-A5D4-862E076620BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p226:*:*:*:*:*:*",
"matchCriteriaId": "AD8E8B74-6E16-47FF-A019-54B0438A8CE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p227:*:*:*:*:*:*",
"matchCriteriaId": "3C210EFA-7BF2-4EEE-B59C-F3C75743E182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p228:*:*:*:*:*:*",
"matchCriteriaId": "23A9CDE2-4520-4542-93B0-74A01E919597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p229:*:*:*:*:*:*",
"matchCriteriaId": "94A7790A-DACE-4F02-B2FF-2C851EFD9717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p230:*:*:*:*:*:*",
"matchCriteriaId": "5ED47A47-3CB2-45CC-8147-CFFE0B93D966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p231_rc1:*:*:*:*:*:*",
"matchCriteriaId": "4FC2172C-73BD-441D-9963-5C9E89FB68F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p232_rc1:*:*:*:*:*:*",
"matchCriteriaId": "485C8744-A185-46EB-B27F-8A42ED76964B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p233_rc1:*:*:*:*:*:*",
"matchCriteriaId": "C01153E2-A4E3-4EF9-A33E-1026F578CB44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p234_rc1:*:*:*:*:*:*",
"matchCriteriaId": "505CE414-C5E5-4251-9F02-A8A0DA6C0E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p235_rc1:*:*:*:*:*:*",
"matchCriteriaId": "607E83FB-FDB7-49CA-9DA9-B8DA43C3DF23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p236_rc1:*:*:*:*:*:*",
"matchCriteriaId": "864BA14B-B357-4ADD-BCE1-B2EAE4D299FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p237_rc1:*:*:*:*:*:*",
"matchCriteriaId": "2856AAB8-172F-4657-85FF-9FFB698C4457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p238_rc1:*:*:*:*:*:*",
"matchCriteriaId": "7C2B8290-8AD6-4EDD-9736-730DD33CA73A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p239_rc1:*:*:*:*:*:*",
"matchCriteriaId": "A509FC81-ABFD-4CE1-ABD6-C47ECCF97892",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p240_rc1:*:*:*:*:*:*",
"matchCriteriaId": "7111A1FB-142C-4538-BC96-F71AEDC0FB4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p241_rc1:*:*:*:*:*:*",
"matchCriteriaId": "FB54C36C-F07A-4F99-A093-8EF10689E1C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p242_rc1:*:*:*:*:*:*",
"matchCriteriaId": "CD57B6E4-9947-4790-BCAF-30B37C7CB837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p243_rc1:*:*:*:*:*:*",
"matchCriteriaId": "232170D9-923D-4DA5-9A7D-6A5BDCD37165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p244_rc1:*:*:*:*:*:*",
"matchCriteriaId": "A0BE1B30-DB6E-4029-8212-035449CEE22F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p245_rc1:*:*:*:*:*:*",
"matchCriteriaId": "3181F3BF-8704-4D54-ABC4-CB68C89AF52D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p246_rc1:*:*:*:*:*:*",
"matchCriteriaId": "E61A5F5E-8DCC-4809-A2DE-E39C8E01976F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p247_rc1:*:*:*:*:*:*",
"matchCriteriaId": "1D2E80CD-0EAA-423B-B885-EDC5BFE962BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p248_rc1:*:*:*:*:*:*",
"matchCriteriaId": "11F45456-692B-415D-BDBF-BA639AA622BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p249_rc1:*:*:*:*:*:*",
"matchCriteriaId": "FCEF3E6A-48C3-4A00-B286-58E642DE5928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5:p250_rc1:*:*:*:*:*:*",
"matchCriteriaId": "8CE352E5-DFFC-4580-9D5E-95EE7A5C2BD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "212E1878-1B9A-4CB4-A1CE-EAD60B867161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*",
"matchCriteriaId": "95B173E0-1475-4F8D-A982-86F36BE3DD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FED6CAE-D97F-49E0-9D00-1642A3A427B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*",
"matchCriteriaId": "392A1364-2739-450D-9E19-DFF93081C2C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication."
},
{
"lang": "es",
"value": "Los paquetes Crypto-NAK en ntpd en NTP 4.2.x en versiones anteriores a 4.2.8p4, y 4.3.x en versiones anteriores a 4.3.77 permiten que atacantes remotos eludan la autenticaci\u00f3n."
}
],
"id": "CVE-2015-7871",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-07T20:29:00.997",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2941"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77287"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274265"
},
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201604-03"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201604-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-30 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| ntp | ntp | 4.3.0 | |
| ntp | ntp | 4.3.1 | |
| ntp | ntp | 4.3.2 | |
| ntp | ntp | 4.3.3 | |
| ntp | ntp | 4.3.4 | |
| ntp | ntp | 4.3.5 | |
| ntp | ntp | 4.3.6 | |
| ntp | ntp | 4.3.7 | |
| ntp | ntp | 4.3.8 | |
| ntp | ntp | 4.3.10 | |
| ntp | ntp | 4.3.11 | |
| ntp | ntp | 4.3.12 | |
| ntp | ntp | 4.3.13 | |
| ntp | ntp | 4.3.14 | |
| ntp | ntp | 4.3.15 | |
| ntp | ntp | 4.3.16 | |
| ntp | ntp | 4.3.17 | |
| ntp | ntp | 4.3.18 | |
| ntp | ntp | 4.3.19 | |
| ntp | ntp | 4.3.20 | |
| ntp | ntp | 4.3.21 | |
| ntp | ntp | 4.3.22 | |
| ntp | ntp | 4.3.23 | |
| ntp | ntp | 4.3.24 | |
| ntp | ntp | 4.3.25 | |
| ntp | ntp | 4.3.26 | |
| ntp | ntp | 4.3.27 | |
| ntp | ntp | 4.3.28 | |
| ntp | ntp | 4.3.29 | |
| ntp | ntp | 4.3.30 | |
| ntp | ntp | 4.3.31 | |
| ntp | ntp | 4.3.32 | |
| ntp | ntp | 4.3.33 | |
| ntp | ntp | 4.3.34 | |
| ntp | ntp | 4.3.35 | |
| ntp | ntp | 4.3.36 | |
| ntp | ntp | 4.3.37 | |
| ntp | ntp | 4.3.38 | |
| ntp | ntp | 4.3.39 | |
| ntp | ntp | 4.3.40 | |
| ntp | ntp | 4.3.41 | |
| ntp | ntp | 4.3.42 | |
| ntp | ntp | 4.3.43 | |
| ntp | ntp | 4.3.44 | |
| ntp | ntp | 4.3.45 | |
| ntp | ntp | 4.3.46 | |
| ntp | ntp | 4.3.47 | |
| ntp | ntp | 4.3.48 | |
| ntp | ntp | 4.3.49 | |
| ntp | ntp | 4.3.50 | |
| ntp | ntp | 4.3.51 | |
| ntp | ntp | 4.3.52 | |
| ntp | ntp | 4.3.53 | |
| ntp | ntp | 4.3.54 | |
| ntp | ntp | 4.3.55 | |
| ntp | ntp | 4.3.56 | |
| ntp | ntp | 4.3.57 | |
| ntp | ntp | 4.3.58 | |
| ntp | ntp | 4.3.59 | |
| ntp | ntp | 4.3.60 | |
| ntp | ntp | 4.3.61 | |
| ntp | ntp | 4.3.62 | |
| ntp | ntp | 4.3.63 | |
| ntp | ntp | 4.3.64 | |
| ntp | ntp | 4.3.65 | |
| ntp | ntp | 4.3.66 | |
| ntp | ntp | 4.3.67 | |
| ntp | ntp | 4.3.68 | |
| ntp | ntp | 4.3.69 | |
| ntp | ntp | 4.3.70 | |
| ntp | ntp | 4.3.71 | |
| ntp | ntp | 4.3.72 | |
| ntp | ntp | 4.3.73 | |
| ntp | ntp | 4.3.74 | |
| ntp | ntp | 4.3.75 | |
| ntp | ntp | 4.3.76 | |
| ntp | ntp | 4.3.77 | |
| ntp | ntp | 4.3.78 | |
| ntp | ntp | 4.3.79 | |
| ntp | ntp | 4.3.80 | |
| ntp | ntp | 4.3.81 | |
| ntp | ntp | 4.3.82 | |
| ntp | ntp | 4.3.83 | |
| ntp | ntp | 4.3.84 | |
| ntp | ntp | 4.3.85 | |
| ntp | ntp | 4.3.86 | |
| ntp | ntp | 4.3.87 | |
| ntp | ntp | 4.3.88 | |
| ntp | ntp | 4.3.89 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:p5:*:*:*:*:*:*",
"matchCriteriaId": "99442254-E77A-43F7-8A9B-FC918AC336A6",
"versionEndIncluding": "4.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B23D9009-DF45-44C1-80DF-CEEC9B9E3F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43921601-667E-4415-83BE-E5B39D969BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75DD9C02-0C46-4785-8D77-C5465E4ED967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A497BADE-0516-494F-89FA-EAFC6AD17F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4298439A-EAF2-4CAA-990B-4AA37E7A0E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "30E9C822-C04A-4908-9596-76F9FB561206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "121ED6C5-8985-4DEF-9040-2AC63582E596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "68499DA4-64EF-412F-A434-8E0F78D77CE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "836C5AC9-463F-4703-81B9-7B5484F47A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FED14811-8F49-4796-BADD-DB7973EC32DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D4EB2830-ADE5-4C87-964E-16748BF88EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8C0284FD-2933-4160-80D2-53B32CD73287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D9AB963A-7284-433F-9890-5AE402E4E000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "EEDEFF7A-D964-4D9A-93BF-41E9D16EA793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9C434153-911C-4F07-ADD0-0EAB47F96E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8183B043-8B96-4A8B-A5C9-544D4F1CED8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE349AB-44CB-4263-80CE-59DFD572B363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB55DF6-567F-4B6A-81E1-9013914416D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "80727B0B-AB5E-46CC-9DDF-F319C2D9B242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "E0755962-2D5F-41E6-9BDB-C2ECBCCD2818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBAADB5-FA32-4CF9-A4B2-51EEA300B0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A202FDAD-D757-4850-9D1E-C31B0F3BA718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A345D7-DFC0-4E0D-AAAB-8206C35F63D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*",
"matchCriteriaId": "C4069EF5-DC7D-4487-8636-AC2EAB17BAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*",
"matchCriteriaId": "73DF3A5C-F1D9-468E-BD08-5E2578898DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*",
"matchCriteriaId": "0858AE44-4B0A-4941-B4A8-937B557D1448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*",
"matchCriteriaId": "979C84FF-CB21-4819-B3CA-1A55FDF20BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*",
"matchCriteriaId": "94709B39-C394-4B44-A362-9429F4CB9D50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2E4526AC-6BCC-43A5-B501-263D0ED0655B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*",
"matchCriteriaId": "E04FF6B4-CD1C-4AC1-B286-D6AB705D680B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAFA0C8-1349-43A4-BDAC-3B5A601B9FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA130B1-DD20-4E98-963F-61E85A09E29E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*",
"matchCriteriaId": "9AAC9B73-5020-47C9-803E-ABB6162AADE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A6B7B5-3AC9-4442-BD91-3783C2B4235C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*",
"matchCriteriaId": "D72F5C09-520B-486C-AD9A-9CBBFE6487CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*",
"matchCriteriaId": "097DED37-D3F3-45C4-B131-1C4294406722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*",
"matchCriteriaId": "85A4F607-0A9D-4F84-B50D-28C54E6EDC06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*",
"matchCriteriaId": "8C689CAF-632A-4FF2-8C86-541EEDD574E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*",
"matchCriteriaId": "7B0ACF5B-BBA9-4B6C-B19D-B8AEF7212781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*",
"matchCriteriaId": "E09C8254-73DC-4AFA-A250-A8192DC917F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*",
"matchCriteriaId": "D344FA12-3C5F-418B-9209-EA8BDD230074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*",
"matchCriteriaId": "D1C3A62A-C6F6-4B2E-A254-CDA12BD34DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*",
"matchCriteriaId": "073A0AFF-C5C6-422E-BD63-2353AA4B58E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*",
"matchCriteriaId": "59B5DA29-4139-405D-8AA8-23FAECBBC5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*",
"matchCriteriaId": "73F4D15D-6D2A-4730-B7CF-21284E92FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*",
"matchCriteriaId": "79A0C6AB-813F-4417-A98E-33FBB7AAB939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "815ABF0E-ED94-4426-8889-D3C2AECACC26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*",
"matchCriteriaId": "894612F1-8C51-4F66-AFE7-D8077F63E562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*",
"matchCriteriaId": "63FD3D1E-08F8-4C7F-876C-47E88386B83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*",
"matchCriteriaId": "9C068E27-A3DD-4FD2-81FB-2CFEC3C047CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*",
"matchCriteriaId": "E21A12E6-0802-4BDC-AF71-50D7D0433B87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7EE44A-7D8B-41A5-82A6-04AEE50278CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*",
"matchCriteriaId": "6862529A-1AE5-4E2D-A4B0-E351D1900C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*",
"matchCriteriaId": "4C6B6711-0F75-4FEA-8917-04391FC9D378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC0249C-3CFC-4CD3-9481-9F6BE1FC5E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE639D9-0B1E-4DFB-B275-D11665FDA4AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*",
"matchCriteriaId": "B35E9C41-0F2A-4790-B996-8EC00FA863F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*",
"matchCriteriaId": "28BAB268-3A70-4422-9C6C-49E6453D750D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*",
"matchCriteriaId": "9A5960F1-DDA9-4885-952F-450EC00B5C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*",
"matchCriteriaId": "E725D449-BBC2-40E3-BF53-D9BF7B4F57D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*",
"matchCriteriaId": "B10975CB-56EB-44D0-BDEF-60484B6BD85E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE56C0F-0AF4-45CF-ACA2-0E583BBB3187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*",
"matchCriteriaId": "16A4A1AC-ED08-4EFE-A826-1BB1B5CAB34E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*",
"matchCriteriaId": "BF9D7AD6-6BDB-4519-B9F8-3181E21850FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*",
"matchCriteriaId": "B061FF9A-0D00-429D-9B2F-14EEA41E7A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CB0260-2A96-41A8-81A0-8E9722B22D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*",
"matchCriteriaId": "AE037065-9E33-4A5A-8188-1F086D7BE394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*",
"matchCriteriaId": "70200031-5902-416D-A140-DC2CDFDAF683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*",
"matchCriteriaId": "575C5F15-2C16-4B39-A718-1641DDD88F84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*",
"matchCriteriaId": "9E7BFD7E-9B3F-4D63-BEBC-16F22DA6F8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*",
"matchCriteriaId": "42631437-772B-45E0-A1F3-5D9E2FC77D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*",
"matchCriteriaId": "CA9E62EF-E21F-421F-9A57-54A551CEC441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*",
"matchCriteriaId": "871E046E-013A-4E10-9457-4D1F407519EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E4B06F-AD55-4D61-B966-B38B854C0A75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*",
"matchCriteriaId": "19817731-42C2-4745-88F2-D27258FC7DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*",
"matchCriteriaId": "77479EEE-F81B-4653-8FAD-0AFBA3C71B09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*",
"matchCriteriaId": "0208619E-9179-46D9-8E47-6CB5B4046DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*",
"matchCriteriaId": "6FBAE2A2-B7CB-45F6-A84C-5B9B742A0B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC16904-03FC-42B2-89F0-CA0D59A5FB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*",
"matchCriteriaId": "4E3980D1-54F1-4C2F-B140-B2F18D8958A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*",
"matchCriteriaId": "0C845718-520A-42CB-9BA7-00723694A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB7BF51-DD1A-41E1-B5E5-02A6BADC30DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*",
"matchCriteriaId": "431DA557-0977-43C2-8DEF-127B1BAA9F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*",
"matchCriteriaId": "733C0A5D-3A0A-4449-9DE0-BD06D4942799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E5DAD5-465A-4A53-856A-1F674723EB00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client."
},
{
"lang": "es",
"value": "NTP en versiones anteriores a 4.2.8p6 y 4.3.x en versiones anteriores a 4.3.90 permite a atacantes remotos causar una denegaci\u00f3n de servicio (asociaci\u00f3n cliente-servidor) por el env\u00edo de paquetes de difusi\u00f3n con autenticaci\u00f3n no v\u00e1lida a un cliente transmisor."
}
],
"id": "CVE-2015-7979",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-30T21:59:00.613",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/81816"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"source": "cve@mitre.org",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"source": "cve@mitre.org",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"source": "cve@mitre.org",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/81816"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-19"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-30 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CED3C1F7-6FFA-44D1-BC56-2BB1963F3B9F",
"versionEndExcluding": "4.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3207DA93-AFE7-45D8-90DA-A12F6AB76293",
"versionEndExcluding": "4.3.90",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
"matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*",
"matchCriteriaId": "75A9AA28-1B20-44BB-815C-7294A53E910E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:tim_4r-ie_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0730ED6-676B-4200-BC07-C0B4531B242C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:tim_4r-ie:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B87B16C-9E9F-448B-9255-B2BB2B8CAD63",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:tim_4r-ie_dnp3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E16E82E3-9A85-41A4-8A33-12AE45A1B584",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:tim_4r-ie_dnp3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE27728D-D37B-43FC-BA8A-0E930DDBD10B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "683BC810-0492-4A7A-8F68-52A73A8CB187",
"versionEndExcluding": "10.1",
"versionStartIncluding": "10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:-:*:*:*:*:*:*",
"matchCriteriaId": "A308448F-7FAD-4CAA-B204-94979A0055EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p1:*:*:*:*:*:*",
"matchCriteriaId": "9D942069-86FD-4777-B144-27F68845510F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p10:*:*:*:*:*:*",
"matchCriteriaId": "8BCB79FA-CF26-4DA9-BE6B-DB38F4BD76DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p12:*:*:*:*:*:*",
"matchCriteriaId": "6937683B-ADC8-452E-BCD7-34ED8656D75E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p13:*:*:*:*:*:*",
"matchCriteriaId": "0B50A898-C510-4582-8931-2820D2FFB646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p16:*:*:*:*:*:*",
"matchCriteriaId": "5016E4BB-D905-49BF-8B23-40DD9F9BC133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p19:*:*:*:*:*:*",
"matchCriteriaId": "C4009691-42D4-4E04-BA72-EAC9E30C30E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p2:*:*:*:*:*:*",
"matchCriteriaId": "AC531D8E-31B3-48B1-8B79-85B9FB67CF0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p20:*:*:*:*:*:*",
"matchCriteriaId": "4B161FA9-E1A8-407B-80A9-9F57DF4E6932",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p21:*:*:*:*:*:*",
"matchCriteriaId": "C608B9D9-28DD-4470-A5A2-96B030E8EA0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p22:*:*:*:*:*:*",
"matchCriteriaId": "50702FA4-624E-4C47-B672-8479ED7EB00C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p23:*:*:*:*:*:*",
"matchCriteriaId": "A05DE064-17DC-4BC3-BFA7-1FF31324BB5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p24:*:*:*:*:*:*",
"matchCriteriaId": "3785D821-D809-4948-92E0-CD6F93D06D56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p25:*:*:*:*:*:*",
"matchCriteriaId": "4F309C4D-DBE9-4FDC-9F71-670FE84E8859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p3:*:*:*:*:*:*",
"matchCriteriaId": "B9D919A6-BBEC-416C-8FC0-5CA7B0191E82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p5:*:*:*:*:*:*",
"matchCriteriaId": "22A2F317-2F1A-4D3F-8E31-B5ABFCEE2AAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p6:*:*:*:*:*:*",
"matchCriteriaId": "179468E8-0FB7-4E1A-9002-AFC8753027AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p7:*:*:*:*:*:*",
"matchCriteriaId": "CF8563F3-DD91-4272-B72D-08F66E2E44C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p8:*:*:*:*:*:*",
"matchCriteriaId": "642BCA8F-6432-43D2-9E74-565CC71A9DD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:9.3:p9:*:*:*:*:*:*",
"matchCriteriaId": "09003BFB-72FB-4F89-B62C-4A2505E60630",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:-:*:*:*:*:*:*",
"matchCriteriaId": "794DB6C2-514F-4353-AC31-025D53FFC3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p1:*:*:*:*:*:*",
"matchCriteriaId": "55448583-DD8E-44FA-9033-CEB8E63FC2C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p10:*:*:*:*:*:*",
"matchCriteriaId": "A238C1FE-D4D3-4EEC-ACBE-341B112123EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p12:*:*:*:*:*:*",
"matchCriteriaId": "BABAD599-782F-4BFE-9EE2-0668ECAAC349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p15:*:*:*:*:*:*",
"matchCriteriaId": "C263C188-EA00-4110-B9A5-16C0CD0F1DE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p16:*:*:*:*:*:*",
"matchCriteriaId": "75F93217-BCD4-4AD4-9621-49C83BA3FFD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p17:*:*:*:*:*:*",
"matchCriteriaId": "1860A2E7-8E58-4082-9C71-E4F383244953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p18:*:*:*:*:*:*",
"matchCriteriaId": "B07FABAF-00CF-4284-AAC2-F3D6DA3D3841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p19:*:*:*:*:*:*",
"matchCriteriaId": "87440763-A4AF-44E9-AB26-155313A64269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p2:*:*:*:*:*:*",
"matchCriteriaId": "5F2A6E84-E37B-4E21-BBD9-FDB878D53D58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p22:*:*:*:*:*:*",
"matchCriteriaId": "2D5B97BE-4A7F-4482-8A7F-A7DB5314CEA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p24:*:*:*:*:*:*",
"matchCriteriaId": "256FDB00-0427-4B72-B9FA-1FE4AD56EC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p25:*:*:*:*:*:*",
"matchCriteriaId": "5EC0C4BA-089F-44B1-A49B-2CDDEC86997B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p26:*:*:*:*:*:*",
"matchCriteriaId": "F7713F76-A9C7-498B-BEEC-B022D13268A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p27:*:*:*:*:*:*",
"matchCriteriaId": "E51647B0-B346-4FCB-97BE-22D43D002B17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p3:*:*:*:*:*:*",
"matchCriteriaId": "D5F7A00A-5A6B-46FA-8527-14917C50555A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p4:*:*:*:*:*:*",
"matchCriteriaId": "466EA7B2-FBAF-4325-AD99-F5F4B0E5C0AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p5:*:*:*:*:*:*",
"matchCriteriaId": "EAD3F82B-E13C-40CE-BF65-4DA204FCDE93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p6:*:*:*:*:*:*",
"matchCriteriaId": "23E2935E-7159-45A2-9164-978453F24BDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p7:*:*:*:*:*:*",
"matchCriteriaId": "1B7F75CF-F808-4BD6-9A46-AA5C1989F740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p8:*:*:*:*:*:*",
"matchCriteriaId": "3EC40899-2775-45B9-96C1-8A9E7FAB7A64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:p9:*:*:*:*:*:*",
"matchCriteriaId": "A22BC7A2-BA8D-4C1D-A51A-7DF7EDEDDCC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.2:-:*:*:*:*:*:*",
"matchCriteriaId": "C1C1DA92-2184-4FB0-8392-AF80E7D6EB2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "C59FCA1F-C2F9-4E11-A457-7979C94ECD3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.2:p10:*:*:*:*:*:*",
"matchCriteriaId": "13BA0876-9EFB-474E-83BB-9A53F38ADD4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.2:p2:*:*:*:*:*:*",
"matchCriteriaId": "041C28B8-8EA6-461D-B6CB-13E3B9FF8411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.2:p5:*:*:*:*:*:*",
"matchCriteriaId": "91362F1A-CB09-4505-A724-332C743D9624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.2:p7:*:*:*:*:*:*",
"matchCriteriaId": "D7F738CA-C3F4-4A30-9FF6-F0BD1DC1CC84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.2:p8:*:*:*:*:*:*",
"matchCriteriaId": "44685E95-3139-4A82-9A8B-EB5379DF0558",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:10.2:p9:*:*:*:*:*:*",
"matchCriteriaId": "8F92482C-F8B9-47A7-B5F1-ACBAC2A91646",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network."
},
{
"lang": "es",
"value": "NTP en versiones anteriores a 4.2.8p6 y 4.3.x en versiones anteriores a 4.3.90, cuando est\u00e1 configurado en modo de difusi\u00f3n, permite a atacantes man-in-the-middle realizar ataques de repetici\u00f3n rastreando la red."
}
],
"id": "CVE-2015-7973",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-30T21:59:00.143",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2935"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/81963"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2935"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/81963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-254"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-13 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:p8:*:*:*:*:*:*",
"matchCriteriaId": "72A23255-B135-4A4C-A2BA-A93026C0F520",
"versionEndIncluding": "4.2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet."
},
{
"lang": "es",
"value": "ntpd en NTP en versiones anteriores a 4.2.8p9, cuando el servicio de captura est\u00e1 habilitado, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (referencia a puntero NULL y ca\u00edda) a trav\u00e9s de un paquete manipulado."
}
],
"id": "CVE-2016-9311",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-13T16:59:00.903",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3119"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94444"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1037354"
},
{
"source": "cve@mitre.org",
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"source": "cve@mitre.org",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"source": "cve@mitre.org",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"source": "cve@mitre.org",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us"
},
{
"source": "cve@mitre.org",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03885en_us"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03885en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-06 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://marc.info/?l=bugtraq&m=108922292425219&w=2 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.kb.cert.org/vuls/id/584606 | Patch, Third Party Advisory, US Government Resource | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/15406 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=108922292425219&w=2 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/584606 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/15406 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| hp | tru64_unix | 4.0f | |
| hp | tru64_unix | 4.0g | |
| hp | tru64_unix | 5.1b | |
| hp | tru64_unix | 5.1b | |
| hp | tru64_unix | 5.1b | |
| hp | tru64_unix | 51.1a |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C03E333-4134-45A7-BEBE-F11B6BAC23A1",
"versionEndExcluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:tru64_unix:4.0f:patch_kit8:*:*:*:*:*:*",
"matchCriteriaId": "6C6010E5-384D-4C9F-A4F3-B0831E5FB52A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:tru64_unix:4.0g:patch_kit4:*:*:*:*:*:*",
"matchCriteriaId": "BD8CD4EF-0EBA-4DFB-85A6-208AE5A110B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:tru64_unix:5.1b:patch_kit2:*:*:*:*:*:*",
"matchCriteriaId": "4DBFB15C-D5A4-4003-8662-5AE9F17C3386",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:tru64_unix:5.1b:patch_kit3:*:*:*:*:*:*",
"matchCriteriaId": "45BF8036-F75D-48F7-91ED-15866216ACE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:tru64_unix:5.1b:patch_kit4:*:*:*:*:*:*",
"matchCriteriaId": "B8811ED0-6CA8-4BB9-A2F3-28290219B2FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:hp:tru64_unix:51.1a:patch_kit6:*:*:*:*:*:*",
"matchCriteriaId": "F3AB2950-9C18-4BAC-805D-D05B894F5AF7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server\u0027s time."
}
],
"id": "CVE-2004-0657",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-06T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108922292425219\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/584606"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15406"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108922292425219\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/584606"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15406"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-27 17:59
Modified
2025-04-20 01:37
Severity ?
Summary
Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.3.0 | |
| ntp | ntp | 4.3.1 | |
| ntp | ntp | 4.3.2 | |
| ntp | ntp | 4.3.3 | |
| ntp | ntp | 4.3.4 | |
| ntp | ntp | 4.3.5 | |
| ntp | ntp | 4.3.6 | |
| ntp | ntp | 4.3.7 | |
| ntp | ntp | 4.3.8 | |
| ntp | ntp | 4.3.9 | |
| ntp | ntp | 4.3.10 | |
| ntp | ntp | 4.3.11 | |
| ntp | ntp | 4.3.12 | |
| ntp | ntp | 4.3.13 | |
| ntp | ntp | 4.3.14 | |
| ntp | ntp | 4.3.15 | |
| ntp | ntp | 4.3.16 | |
| ntp | ntp | 4.3.17 | |
| ntp | ntp | 4.3.18 | |
| ntp | ntp | 4.3.19 | |
| ntp | ntp | 4.3.20 | |
| ntp | ntp | 4.3.21 | |
| ntp | ntp | 4.3.22 | |
| ntp | ntp | 4.3.23 | |
| ntp | ntp | 4.3.24 | |
| ntp | ntp | 4.3.25 | |
| ntp | ntp | 4.3.26 | |
| ntp | ntp | 4.3.27 | |
| ntp | ntp | 4.3.28 | |
| ntp | ntp | 4.3.29 | |
| ntp | ntp | 4.3.30 | |
| ntp | ntp | 4.3.31 | |
| ntp | ntp | 4.3.32 | |
| ntp | ntp | 4.3.33 | |
| ntp | ntp | 4.3.34 | |
| ntp | ntp | 4.3.35 | |
| ntp | ntp | 4.3.36 | |
| ntp | ntp | 4.3.37 | |
| ntp | ntp | 4.3.38 | |
| ntp | ntp | 4.3.39 | |
| ntp | ntp | 4.3.40 | |
| ntp | ntp | 4.3.41 | |
| ntp | ntp | 4.3.42 | |
| ntp | ntp | 4.3.43 | |
| ntp | ntp | 4.3.44 | |
| ntp | ntp | 4.3.45 | |
| ntp | ntp | 4.3.46 | |
| ntp | ntp | 4.3.47 | |
| ntp | ntp | 4.3.48 | |
| ntp | ntp | 4.3.49 | |
| ntp | ntp | 4.3.50 | |
| ntp | ntp | 4.3.51 | |
| ntp | ntp | 4.3.52 | |
| ntp | ntp | 4.3.53 | |
| ntp | ntp | 4.3.54 | |
| ntp | ntp | 4.3.55 | |
| ntp | ntp | 4.3.56 | |
| ntp | ntp | 4.3.57 | |
| ntp | ntp | 4.3.58 | |
| ntp | ntp | 4.3.59 | |
| ntp | ntp | 4.3.60 | |
| ntp | ntp | 4.3.61 | |
| ntp | ntp | 4.3.62 | |
| ntp | ntp | 4.3.63 | |
| ntp | ntp | 4.3.64 | |
| ntp | ntp | 4.3.65 | |
| ntp | ntp | 4.3.66 | |
| ntp | ntp | 4.3.67 | |
| ntp | ntp | 4.3.68 | |
| ntp | ntp | 4.3.69 | |
| ntp | ntp | 4.3.70 | |
| ntp | ntp | 4.3.71 | |
| ntp | ntp | 4.3.72 | |
| ntp | ntp | 4.3.73 | |
| ntp | ntp | 4.3.74 | |
| ntp | ntp | 4.3.75 | |
| ntp | ntp | 4.3.76 | |
| ntp | ntp | 4.3.77 | |
| ntp | ntp | 4.3.78 | |
| ntp | ntp | 4.3.79 | |
| ntp | ntp | 4.3.80 | |
| ntp | ntp | 4.3.81 | |
| ntp | ntp | 4.3.82 | |
| ntp | ntp | 4.3.83 | |
| ntp | ntp | 4.3.84 | |
| ntp | ntp | 4.3.85 | |
| ntp | ntp | 4.3.86 | |
| ntp | ntp | 4.3.87 | |
| ntp | ntp | 4.3.88 | |
| ntp | ntp | 4.3.89 | |
| ntp | ntp | 4.3.90 | |
| ntp | ntp | 4.3.91 | |
| ntp | ntp | 4.3.92 | |
| ntp | ntp | 4.3.93 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*",
"matchCriteriaId": "EE002C76-406D-4F22-B738-E17BDEA70BCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B23D9009-DF45-44C1-80DF-CEEC9B9E3F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43921601-667E-4415-83BE-E5B39D969BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75DD9C02-0C46-4785-8D77-C5465E4ED967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A497BADE-0516-494F-89FA-EAFC6AD17F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4298439A-EAF2-4CAA-990B-4AA37E7A0E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "30E9C822-C04A-4908-9596-76F9FB561206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "842963D1-C78C-48B5-A8D2-BC018854E5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "121ED6C5-8985-4DEF-9040-2AC63582E596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "68499DA4-64EF-412F-A434-8E0F78D77CE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "836C5AC9-463F-4703-81B9-7B5484F47A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FED14811-8F49-4796-BADD-DB7973EC32DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D4EB2830-ADE5-4C87-964E-16748BF88EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8C0284FD-2933-4160-80D2-53B32CD73287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D9AB963A-7284-433F-9890-5AE402E4E000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "EEDEFF7A-D964-4D9A-93BF-41E9D16EA793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9C434153-911C-4F07-ADD0-0EAB47F96E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8183B043-8B96-4A8B-A5C9-544D4F1CED8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE349AB-44CB-4263-80CE-59DFD572B363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB55DF6-567F-4B6A-81E1-9013914416D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "80727B0B-AB5E-46CC-9DDF-F319C2D9B242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "E0755962-2D5F-41E6-9BDB-C2ECBCCD2818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBAADB5-FA32-4CF9-A4B2-51EEA300B0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A202FDAD-D757-4850-9D1E-C31B0F3BA718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A345D7-DFC0-4E0D-AAAB-8206C35F63D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*",
"matchCriteriaId": "C4069EF5-DC7D-4487-8636-AC2EAB17BAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*",
"matchCriteriaId": "73DF3A5C-F1D9-468E-BD08-5E2578898DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*",
"matchCriteriaId": "0858AE44-4B0A-4941-B4A8-937B557D1448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*",
"matchCriteriaId": "979C84FF-CB21-4819-B3CA-1A55FDF20BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*",
"matchCriteriaId": "94709B39-C394-4B44-A362-9429F4CB9D50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2E4526AC-6BCC-43A5-B501-263D0ED0655B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*",
"matchCriteriaId": "E04FF6B4-CD1C-4AC1-B286-D6AB705D680B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAFA0C8-1349-43A4-BDAC-3B5A601B9FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA130B1-DD20-4E98-963F-61E85A09E29E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*",
"matchCriteriaId": "9AAC9B73-5020-47C9-803E-ABB6162AADE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A6B7B5-3AC9-4442-BD91-3783C2B4235C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*",
"matchCriteriaId": "D72F5C09-520B-486C-AD9A-9CBBFE6487CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*",
"matchCriteriaId": "097DED37-D3F3-45C4-B131-1C4294406722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*",
"matchCriteriaId": "85A4F607-0A9D-4F84-B50D-28C54E6EDC06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*",
"matchCriteriaId": "8C689CAF-632A-4FF2-8C86-541EEDD574E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*",
"matchCriteriaId": "7B0ACF5B-BBA9-4B6C-B19D-B8AEF7212781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*",
"matchCriteriaId": "E09C8254-73DC-4AFA-A250-A8192DC917F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*",
"matchCriteriaId": "D344FA12-3C5F-418B-9209-EA8BDD230074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*",
"matchCriteriaId": "D1C3A62A-C6F6-4B2E-A254-CDA12BD34DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*",
"matchCriteriaId": "073A0AFF-C5C6-422E-BD63-2353AA4B58E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*",
"matchCriteriaId": "59B5DA29-4139-405D-8AA8-23FAECBBC5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*",
"matchCriteriaId": "73F4D15D-6D2A-4730-B7CF-21284E92FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*",
"matchCriteriaId": "79A0C6AB-813F-4417-A98E-33FBB7AAB939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "815ABF0E-ED94-4426-8889-D3C2AECACC26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*",
"matchCriteriaId": "894612F1-8C51-4F66-AFE7-D8077F63E562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*",
"matchCriteriaId": "63FD3D1E-08F8-4C7F-876C-47E88386B83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*",
"matchCriteriaId": "9C068E27-A3DD-4FD2-81FB-2CFEC3C047CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*",
"matchCriteriaId": "E21A12E6-0802-4BDC-AF71-50D7D0433B87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7EE44A-7D8B-41A5-82A6-04AEE50278CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*",
"matchCriteriaId": "6862529A-1AE5-4E2D-A4B0-E351D1900C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*",
"matchCriteriaId": "4C6B6711-0F75-4FEA-8917-04391FC9D378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC0249C-3CFC-4CD3-9481-9F6BE1FC5E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE639D9-0B1E-4DFB-B275-D11665FDA4AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*",
"matchCriteriaId": "B35E9C41-0F2A-4790-B996-8EC00FA863F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*",
"matchCriteriaId": "28BAB268-3A70-4422-9C6C-49E6453D750D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*",
"matchCriteriaId": "9A5960F1-DDA9-4885-952F-450EC00B5C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*",
"matchCriteriaId": "E725D449-BBC2-40E3-BF53-D9BF7B4F57D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*",
"matchCriteriaId": "B10975CB-56EB-44D0-BDEF-60484B6BD85E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE56C0F-0AF4-45CF-ACA2-0E583BBB3187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*",
"matchCriteriaId": "16A4A1AC-ED08-4EFE-A826-1BB1B5CAB34E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*",
"matchCriteriaId": "BF9D7AD6-6BDB-4519-B9F8-3181E21850FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*",
"matchCriteriaId": "B061FF9A-0D00-429D-9B2F-14EEA41E7A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CB0260-2A96-41A8-81A0-8E9722B22D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*",
"matchCriteriaId": "AE037065-9E33-4A5A-8188-1F086D7BE394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*",
"matchCriteriaId": "70200031-5902-416D-A140-DC2CDFDAF683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*",
"matchCriteriaId": "575C5F15-2C16-4B39-A718-1641DDD88F84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*",
"matchCriteriaId": "9E7BFD7E-9B3F-4D63-BEBC-16F22DA6F8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*",
"matchCriteriaId": "42631437-772B-45E0-A1F3-5D9E2FC77D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*",
"matchCriteriaId": "CA9E62EF-E21F-421F-9A57-54A551CEC441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*",
"matchCriteriaId": "871E046E-013A-4E10-9457-4D1F407519EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E4B06F-AD55-4D61-B966-B38B854C0A75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*",
"matchCriteriaId": "19817731-42C2-4745-88F2-D27258FC7DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*",
"matchCriteriaId": "77479EEE-F81B-4653-8FAD-0AFBA3C71B09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*",
"matchCriteriaId": "0208619E-9179-46D9-8E47-6CB5B4046DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*",
"matchCriteriaId": "6FBAE2A2-B7CB-45F6-A84C-5B9B742A0B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC16904-03FC-42B2-89F0-CA0D59A5FB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*",
"matchCriteriaId": "4E3980D1-54F1-4C2F-B140-B2F18D8958A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*",
"matchCriteriaId": "0C845718-520A-42CB-9BA7-00723694A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB7BF51-DD1A-41E1-B5E5-02A6BADC30DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*",
"matchCriteriaId": "431DA557-0977-43C2-8DEF-127B1BAA9F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*",
"matchCriteriaId": "733C0A5D-3A0A-4449-9DE0-BD06D4942799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E5DAD5-465A-4A53-856A-1F674723EB00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.90:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FE37F4-C8E6-42CC-A799-563637F6B85A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.91:*:*:*:*:*:*:*",
"matchCriteriaId": "72F9DD05-E521-45D3-994E-0400DA0070BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.92:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DA733E-A2BB-4F72-BE9A-AF1ADD1881A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.93:*:*:*:*:*:*:*",
"matchCriteriaId": "816E4E2B-7E33-49A0-85E1-EF1755F6BB45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el controlador refclock legado Datum Programmable Time Server (DPTS) en NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 permite a usuarios locales tener un impacto no especificado a trav\u00e9s de un dispositivo /dev/datum manipulado."
}
],
"id": "CVE-2017-6462",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-27T17:59:00.743",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3388"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97045"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:3071"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2018:0855"
},
{
"source": "cve@mitre.org",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
},
{
"source": "cve@mitre.org",
"url": "https://support.apple.com/HT208144"
},
{
"source": "cve@mitre.org",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:3071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2018:0855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT208144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/3707-2/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-09 16:29
Modified
2025-04-20 01:37
Severity ?
Summary
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.3.0 | |
| ntp | ntp | 4.3.1 | |
| ntp | ntp | 4.3.2 | |
| ntp | ntp | 4.3.3 | |
| ntp | ntp | 4.3.4 | |
| ntp | ntp | 4.3.5 | |
| ntp | ntp | 4.3.6 | |
| ntp | ntp | 4.3.7 | |
| ntp | ntp | 4.3.8 | |
| ntp | ntp | 4.3.9 | |
| ntp | ntp | 4.3.10 | |
| ntp | ntp | 4.3.11 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| opensuse | suse_linux_enterprise_server | 11.0 | |
| opensuse_project | suse_linux_enterprise_desktop | 11.0 | |
| suse | suse_linux_enterprise_server | 11.0 | |
| fedoraproject | fedora | 21 | |
| redhat | enterprise_linux_desktop | 6.0 | |
| redhat | enterprise_linux_for_ibm_z_systems | 6.0 | |
| redhat | enterprise_linux_for_power_big_endian | 6.0 | |
| redhat | enterprise_linux_for_scientific_computing | 6.0 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_server_from_rhui_6 | 6.0 | |
| redhat | enterprise_linux_workstation | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B23D9009-DF45-44C1-80DF-CEEC9B9E3F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43921601-667E-4415-83BE-E5B39D969BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75DD9C02-0C46-4785-8D77-C5465E4ED967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A497BADE-0516-494F-89FA-EAFC6AD17F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4298439A-EAF2-4CAA-990B-4AA37E7A0E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "30E9C822-C04A-4908-9596-76F9FB561206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "842963D1-C78C-48B5-A8D2-BC018854E5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "121ED6C5-8985-4DEF-9040-2AC63582E596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:suse_linux_enterprise_server:11.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "6204AF9C-23BA-466A-85CD-9A8EF4522818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse_project:suse_linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "99258893-3460-4476-9D7B-87A105929E4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:11.0:sp3:*:*:*:vmware:*:*",
"matchCriteriaId": "103582CB-029E-4201-B391-897B49BE8DDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
"matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5291B60-AB52-4830-8E1A-8048A471902C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25C8B513-76C1-4184-A253-CB32F04A05BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "634C23AC-AC9C-43F4-BED8-1C720816D5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_from_rhui_6:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A6E2B14-4C84-4276-AAC4-EC9AE5985F3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys."
},
{
"lang": "es",
"value": "ntp-keygen en ntp en versiones 4.2.8px anteriores a la 4.2.8p2-RC2 y en versiones 4.3.x anteriores a la 4.3.12 no genera claves MD5 con la suficiente entrop\u00eda en m\u00e1quinas big endian cuando el byte de menor orden de la variable temp se sit\u00faa entre 0x20 y 0x7f y no #. Esto podr\u00eda permitir que atacantes remotos obtengan el valor de las claves MD5 generadas mediante un ataque de fuerza bruta con las 93 claves posibles."
}
],
"id": "CVE-2015-3405",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-09T16:29:00.190",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://bk1.ntp.org/ntp-stable/?PAGE=patch\u0026REV=55199296N2gFqH1Hm5GOnhrk9Ypygg"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156248.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00000.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2231.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3223"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/23/14"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74045"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "https://bugs.ntp.org/show_bug.cgi?id=2797"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1210324"
},
{
"source": "secalert@redhat.com",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03886en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://bk1.ntp.org/ntp-stable/?PAGE=patch\u0026REV=55199296N2gFqH1Hm5GOnhrk9Ypygg"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156248.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2231.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/23/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "https://bugs.ntp.org/show_bug.cgi?id=2797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1210324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03886en_us"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-331"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-05-19 19:30
Modified
2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | 4.2.4p0 | |
| ntp | ntp | 4.2.4p1 | |
| ntp | ntp | 4.2.4p2 | |
| ntp | ntp | 4.2.4p3 | |
| ntp | ntp | 4.2.4p4 | |
| ntp | ntp | 4.2.4p5 | |
| ntp | ntp | 4.2.4p6 | |
| ntp | ntp | 4.2.5p0 | |
| ntp | ntp | 4.2.5p1 | |
| ntp | ntp | 4.2.5p2 | |
| ntp | ntp | 4.2.5p3 | |
| ntp | ntp | 4.2.5p4 | |
| ntp | ntp | 4.2.5p5 | |
| ntp | ntp | 4.2.5p6 | |
| ntp | ntp | 4.2.5p7 | |
| ntp | ntp | 4.2.5p8 | |
| ntp | ntp | 4.2.5p9 | |
| ntp | ntp | 4.2.5p10 | |
| ntp | ntp | 4.2.5p11 | |
| ntp | ntp | 4.2.5p12 | |
| ntp | ntp | 4.2.5p13 | |
| ntp | ntp | 4.2.5p14 | |
| ntp | ntp | 4.2.5p15 | |
| ntp | ntp | 4.2.5p16 | |
| ntp | ntp | 4.2.5p17 | |
| ntp | ntp | 4.2.5p18 | |
| ntp | ntp | 4.2.5p19 | |
| ntp | ntp | 4.2.5p20 | |
| ntp | ntp | 4.2.5p21 | |
| ntp | ntp | 4.2.5p23 | |
| ntp | ntp | 4.2.5p24 | |
| ntp | ntp | 4.2.5p25 | |
| ntp | ntp | 4.2.5p26 | |
| ntp | ntp | 4.2.5p27 | |
| ntp | ntp | 4.2.5p28 | |
| ntp | ntp | 4.2.5p29 | |
| ntp | ntp | 4.2.5p30 | |
| ntp | ntp | 4.2.5p31 | |
| ntp | ntp | 4.2.5p32 | |
| ntp | ntp | 4.2.5p33 | |
| ntp | ntp | 4.2.5p35 | |
| ntp | ntp | 4.2.5p36 | |
| ntp | ntp | 4.2.5p37 | |
| ntp | ntp | 4.2.5p38 | |
| ntp | ntp | 4.2.5p39 | |
| ntp | ntp | 4.2.5p40 | |
| ntp | ntp | 4.2.5p41 | |
| ntp | ntp | 4.2.5p42 | |
| ntp | ntp | 4.2.5p43 | |
| ntp | ntp | 4.2.5p44 | |
| ntp | ntp | 4.2.5p45 | |
| ntp | ntp | 4.2.5p46 | |
| ntp | ntp | 4.2.5p47 | |
| ntp | ntp | 4.2.5p48 | |
| ntp | ntp | 4.2.5p49 | |
| ntp | ntp | 4.2.5p50 | |
| ntp | ntp | 4.2.5p51 | |
| ntp | ntp | 4.2.5p52 | |
| ntp | ntp | 4.2.5p53 | |
| ntp | ntp | 4.2.5p54 | |
| ntp | ntp | 4.2.5p55 | |
| ntp | ntp | 4.2.5p56 | |
| ntp | ntp | 4.2.5p57 | |
| ntp | ntp | 4.2.5p58 | |
| ntp | ntp | 4.2.5p59 | |
| ntp | ntp | 4.2.5p60 | |
| ntp | ntp | 4.2.5p61 | |
| ntp | ntp | 4.2.5p62 | |
| ntp | ntp | 4.2.5p63 | |
| ntp | ntp | 4.2.5p64 | |
| ntp | ntp | 4.2.5p65 | |
| ntp | ntp | 4.2.5p66 | |
| ntp | ntp | 4.2.5p67 | |
| ntp | ntp | 4.2.5p68 | |
| ntp | ntp | 4.2.5p69 | |
| ntp | ntp | 4.2.5p70 | |
| ntp | ntp | 4.2.5p71 | |
| ntp | ntp | 4.2.5p73 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.4p0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA843BCD-372A-42F5-A8C0-1AD32FA9E94C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "B980A178-2958-4B36-8AD8-3932B12C5A72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.4p2:*:*:*:*:*:*:*",
"matchCriteriaId": "5D65210A-F80E-4019-91DA-49838369E03F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.4p3:*:*:*:*:*:*:*",
"matchCriteriaId": "29FAB224-3493-4273-A655-10BE44F5B5BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.4p4:*:*:*:*:*:*:*",
"matchCriteriaId": "093F0DD2-9E88-4138-AFF5-69105E7F2C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.4p5:*:*:*:*:*:*:*",
"matchCriteriaId": "B3590927-E242-411D-822A-33337D6B8A4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.4p6:*:*:*:*:*:*:*",
"matchCriteriaId": "20FCD55C-D4A8-4544-81AF-C920B3B48A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p0:*:*:*:*:*:*:*",
"matchCriteriaId": "881ED983-01B5-4A02-B671-8744EC0E1904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3897870-1724-4018-8F77-122548022535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p2:*:*:*:*:*:*:*",
"matchCriteriaId": "7012720C-D4BD-40C5-8521-6859BE46DDDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p3:*:*:*:*:*:*:*",
"matchCriteriaId": "E8474ADA-F2A8-494D-BB6F-6EA4D4B865B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p4:*:*:*:*:*:*:*",
"matchCriteriaId": "9FFC396E-2E5C-4576-94D3-96C619523CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p5:*:*:*:*:*:*:*",
"matchCriteriaId": "19F55042-5CA1-453E-A786-A8B346C02BC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p6:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C5930E-7792-4940-9EC3-CD5AE78D51B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p7:*:*:*:*:*:*:*",
"matchCriteriaId": "87004177-C6F2-4057-919D-20D91D01A8B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p8:*:*:*:*:*:*:*",
"matchCriteriaId": "E01570E4-447A-4F60-BD5C-40D201A464F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p9:*:*:*:*:*:*:*",
"matchCriteriaId": "440B4315-C7B3-4930-BD4D-B55BD3EEEE9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p10:*:*:*:*:*:*:*",
"matchCriteriaId": "760050D5-5F8E-41CE-98DA-31E5BFB8A6C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p11:*:*:*:*:*:*:*",
"matchCriteriaId": "96E4FED4-A7F0-44C0-9405-1AB07D9B0079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p12:*:*:*:*:*:*:*",
"matchCriteriaId": "78977FE3-FF1E-47CA-9B97-3E6EC18894B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p13:*:*:*:*:*:*:*",
"matchCriteriaId": "11E24A99-575E-42EB-9463-29021A33C914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p14:*:*:*:*:*:*:*",
"matchCriteriaId": "CBB88D29-930C-4552-889D-4DBF23EC3760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p15:*:*:*:*:*:*:*",
"matchCriteriaId": "E13EE5C4-594E-4004-A8BC-AD4D3608FF35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p16:*:*:*:*:*:*:*",
"matchCriteriaId": "16009504-A8ED-43E9-A7F9-E8E1628449BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p17:*:*:*:*:*:*:*",
"matchCriteriaId": "5A4A86DA-E8CB-44B5-9E7D-A69A149FAF8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p18:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F918DA-D4F3-4016-861E-78A8A00F9FEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p19:*:*:*:*:*:*:*",
"matchCriteriaId": "DD908ABD-5A18-436B-830B-7F252E22B3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p20:*:*:*:*:*:*:*",
"matchCriteriaId": "E8152815-3510-4FE7-A8B9-51EB857D7262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p21:*:*:*:*:*:*:*",
"matchCriteriaId": "C03D4FCB-A0CE-45EA-80FC-523F388E51A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p23:*:*:*:*:*:*:*",
"matchCriteriaId": "86CBFD14-8B03-4F0D-8B0F-670629334D17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p24:*:*:*:*:*:*:*",
"matchCriteriaId": "656E046B-C3F2-4DD5-B3C2-C60ACEBC808C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p25:*:*:*:*:*:*:*",
"matchCriteriaId": "014A6026-C4B9-4E09-9170-059D1FD8D95A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p26:*:*:*:*:*:*:*",
"matchCriteriaId": "51BAB21E-C818-492A-A537-EFDF57E412EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p27:*:*:*:*:*:*:*",
"matchCriteriaId": "92CACCD1-DF24-4226-A891-6FD7EBB0E57C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p28:*:*:*:*:*:*:*",
"matchCriteriaId": "824DE9A3-5ABF-4E9F-985D-0633893CAECB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p29:*:*:*:*:*:*:*",
"matchCriteriaId": "8A27E0EA-38B8-49F0-818B-BB4CAA7EF7B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p30:*:*:*:*:*:*:*",
"matchCriteriaId": "8347419F-6B7F-4BA6-B03C-3A52E5F7148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p31:*:*:*:*:*:*:*",
"matchCriteriaId": "23D73277-B636-4F50-88F0-A79278EB6AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p32:*:*:*:*:*:*:*",
"matchCriteriaId": "4701E3A4-FE51-4A48-8ABB-67DFE815BBFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p33:*:*:*:*:*:*:*",
"matchCriteriaId": "3A2E5F24-1242-4819-8787-4F2EB9E97C0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p35:*:*:*:*:*:*:*",
"matchCriteriaId": "DD55122C-2983-4193-BC46-6269A348EC5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p36:*:*:*:*:*:*:*",
"matchCriteriaId": "D4199168-912C-4702-801C-A36394ED494B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p37:*:*:*:*:*:*:*",
"matchCriteriaId": "3D89067A-7F24-458A-AD6F-ADFB92C24F93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p38:*:*:*:*:*:*:*",
"matchCriteriaId": "362FDB7C-EA5E-480D-96FB-2BCEF7F4E64A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p39:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3E2B20-E6B7-47DB-8A02-CAAF6C2B1597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p40:*:*:*:*:*:*:*",
"matchCriteriaId": "98F3B4EA-053B-4A25-88F8-A788F88488A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p41:*:*:*:*:*:*:*",
"matchCriteriaId": "24B31D93-005E-498A-8935-EC31DC104B18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p42:*:*:*:*:*:*:*",
"matchCriteriaId": "125D14D2-3443-46E6-AC58-967683604B2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p43:*:*:*:*:*:*:*",
"matchCriteriaId": "E2969C79-0B8F-4759-9978-7432BA388ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p44:*:*:*:*:*:*:*",
"matchCriteriaId": "485E789D-B602-477E-BD10-0054AEE98D69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p45:*:*:*:*:*:*:*",
"matchCriteriaId": "83284150-1E06-45B0-BD75-7BE895EB99B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p46:*:*:*:*:*:*:*",
"matchCriteriaId": "3298B973-D08A-44A6-AD60-0E18A9FF55AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p47:*:*:*:*:*:*:*",
"matchCriteriaId": "06314717-CF64-4269-A049-F70396CA000A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p48:*:*:*:*:*:*:*",
"matchCriteriaId": "EF909823-66E7-49AE-9385-DCDA7CD5EB51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p49:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FE8C8E-6051-4DB8-B03B-6EF211992545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p50:*:*:*:*:*:*:*",
"matchCriteriaId": "E1FF094E-49CA-41BB-A568-2BA49D770270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p51:*:*:*:*:*:*:*",
"matchCriteriaId": "AE0D9B6F-3838-40ED-9998-89E66EEA79EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p52:*:*:*:*:*:*:*",
"matchCriteriaId": "8076E3B3-57DA-425A-9CBD-426ADE3735F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p53:*:*:*:*:*:*:*",
"matchCriteriaId": "E66A89E0-B31A-4469-859C-6C323399A706",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p54:*:*:*:*:*:*:*",
"matchCriteriaId": "6813F72B-4D8B-4903-BCB7-5A0EDE288B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p55:*:*:*:*:*:*:*",
"matchCriteriaId": "2F8F957C-632F-4E5D-82E3-B3DF6572C924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p56:*:*:*:*:*:*:*",
"matchCriteriaId": "0DC1DBF1-C2EE-4241-A50F-40E837B84C40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p57:*:*:*:*:*:*:*",
"matchCriteriaId": "A7826192-660B-49AC-B1B8-BD799712DF55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p58:*:*:*:*:*:*:*",
"matchCriteriaId": "3443D451-1845-4440-AFB8-D6432585CBF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p59:*:*:*:*:*:*:*",
"matchCriteriaId": "88C81B35-94C8-4881-B2FA-AF8214AAEBF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p60:*:*:*:*:*:*:*",
"matchCriteriaId": "7D3BDB8B-21E7-45EB-B39A-8822B64196ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p61:*:*:*:*:*:*:*",
"matchCriteriaId": "808929AC-EC57-49FF-9FCC-FE593743EE6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p62:*:*:*:*:*:*:*",
"matchCriteriaId": "28C8CE4D-6C53-490E-8223-A6A4EEEA2CCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p63:*:*:*:*:*:*:*",
"matchCriteriaId": "C49B2C1E-5653-4DA9-96A1-8E84A0AAB95E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p64:*:*:*:*:*:*:*",
"matchCriteriaId": "6DCD5198-26B4-4334-8077-916EA21F0760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p65:*:*:*:*:*:*:*",
"matchCriteriaId": "AD533741-97B8-4726-A7C4-4B7D0723817E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p66:*:*:*:*:*:*:*",
"matchCriteriaId": "0336E989-FB7F-49CC-9FC9-F10B5C6716CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p67:*:*:*:*:*:*:*",
"matchCriteriaId": "1CD72509-2E02-4C18-8AB1-7FAB7016EB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p68:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD88BB1-C82A-4021-BEA3-40B23CA2A5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p69:*:*:*:*:*:*:*",
"matchCriteriaId": "79740F38-3210-4AF2-80C7-692DA5C5E315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p70:*:*:*:*:*:*:*",
"matchCriteriaId": "7A1FB0C1-3A68-41A3-9290-1CAA09042716",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p71:*:*:*:*:*:*:*",
"matchCriteriaId": "4CA193DE-E94C-4229-8FBC-1E35884F310B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.5p73:*:*:*:*:*:*:*",
"matchCriteriaId": "C76D8727-2324-4A2B-B73A-99E452FD07E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n crypto_recv en ntp_crypto.c en ntpd en NTP anteriores a v4.2.4p7 y v4.2.5 anterior a v4.2.5p74, cuando OpenSSL y autokey est\u00e1n activados, permite a atacantes remotos ejecutar c\u00f3digo de forma arbitraria a trav\u00e9s de paquetes manipulados que contienen un campo de extension."
}
],
"id": "CVE-2009-1252",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-05-19T19:30:00.670",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1039.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1040.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35137"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35138"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35166"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35169"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35243"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35253"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35308"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35336"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35388"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35416"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35630"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/37470"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/37471"
},
{
"source": "cve@mitre.org",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc"
},
{
"source": "cve@mitre.org",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.566238"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2009/dsa-1801"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/853097"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:117"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35017"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022243"
},
{
"source": "cve@mitre.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1361"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=499694"
},
{
"source": "cve@mitre.org",
"url": "https://launchpad.net/bugs/cve/2009-1252"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11231"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6307"
},
{
"source": "cve@mitre.org",
"url": "https://support.ntp.org/bugs/show_bug.cgi?id=1151"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/777-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00293.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1039.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35137"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35243"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35336"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.566238"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/853097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022243"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=499694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://launchpad.net/bugs/cve/2009-1252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11231"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6307"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.ntp.org/bugs/show_bug.cgi?id=1151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/777-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00293.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-06 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
"matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim\u0027s clock."
},
{
"lang": "es",
"value": "Un par malicioso autenticado puede crear arbitrariamente muchas asociaciones ef\u00edmeras para ganar el algoritmo de selecci\u00f3n de reloj en ntpd en NTP 4.2.8p4 y versiones anteriores y NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 y a5fb34b9cc89b92a8fef2f459004865c93bb7f92 y modificar un reloj de una v\u00edctima."
}
],
"id": "CVE-2016-1549",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-06T21:59:00.383",
"references": [
{
"source": "cret@cert.org",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/88200"
},
{
"source": "cret@cert.org",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"source": "cret@cert.org",
"tags": [
"Mitigation",
"Technical Description",
"Third Party Advisory"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0083/"
},
{
"source": "cret@cert.org",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"source": "cret@cert.org",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cret@cert.org",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"source": "cret@cert.org",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"source": "cret@cert.org",
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/88200"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Technical Description",
"Third Party Advisory"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0083/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-19"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-11 21:15
Modified
2025-02-11 16:15
Severity ?
5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p15:*:*:*:*:*:*",
"matchCriteriaId": "D300A755-9809-4469-8C08-20CB451C83A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a \u0027\\0\u0027 character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd."
}
],
"id": "CVE-2023-26554",
"lastModified": "2025-02-11T16:15:36.183",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-11T21:15:21.777",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26554"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-13 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.7 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| hpe | hpux-ntp | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3505DE7A-B365-4455-A7BC-474019426C46",
"versionEndExcluding": "4.3.94",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p100:*:*:*:*:*:*",
"matchCriteriaId": "18088A3E-C30F-4133-9D1A-B39181513EF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p101:*:*:*:*:*:*",
"matchCriteriaId": "52B6CFF0-2C07-4706-A3B1-618015F52D6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p102:*:*:*:*:*:*",
"matchCriteriaId": "90BF6D6B-DB23-4E50-A7D3-81B5F1CC5572",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p103:*:*:*:*:*:*",
"matchCriteriaId": "E79B84AA-FB11-453D-8216-CF25FBF15544",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p104:*:*:*:*:*:*",
"matchCriteriaId": "EB264FC5-0D41-48F8-802D-5C1710A5B4D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p105:*:*:*:*:*:*",
"matchCriteriaId": "81AB3169-0D14-46D3-9EBB-2835198EB94A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p106:*:*:*:*:*:*",
"matchCriteriaId": "D09EEB13-4F4A-4EF2-9F80-66D0E0E54FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p107:*:*:*:*:*:*",
"matchCriteriaId": "7776F628-D8B9-4691-849D-4B483740CAA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p108:*:*:*:*:*:*",
"matchCriteriaId": "8C83234B-7CB1-46DE-AAA3-81D457C6BE5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p109:*:*:*:*:*:*",
"matchCriteriaId": "0EA68A07-98D5-4025-AA23-E32F8CD71769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p110:*:*:*:*:*:*",
"matchCriteriaId": "880AABF9-B93D-468A-8C4B-9D3760DEE6C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p111:*:*:*:*:*:*",
"matchCriteriaId": "40680475-27E0-41B9-9C52-E6498A36EBBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p112:*:*:*:*:*:*",
"matchCriteriaId": "6D871458-BC51-43BB-BD35-9DE945A6B772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p113:*:*:*:*:*:*",
"matchCriteriaId": "1EEE464F-6634-4214-B423-641AB29856AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p114:*:*:*:*:*:*",
"matchCriteriaId": "49407030-4250-4DDD-B51A-794ED2AF8C7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p115:*:*:*:*:*:*",
"matchCriteriaId": "F43B2F0B-901F-4465-A736-5CC1CDDE3E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p116:*:*:*:*:*:*",
"matchCriteriaId": "31BEC66A-6C37-407B-BBF5-35AC0FF7EC74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p117:*:*:*:*:*:*",
"matchCriteriaId": "51A56AD7-B69A-4326-9889-BF90AB22F384",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p118:*:*:*:*:*:*",
"matchCriteriaId": "A145C1A2-FB8E-49A2-B1CF-D5FB43EA1525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p119:*:*:*:*:*:*",
"matchCriteriaId": "68372642-A1A1-4723-9648-F60CBF77EF50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p120:*:*:*:*:*:*",
"matchCriteriaId": "1A6C505D-3AB5-42F6-9902-C5668E28ADB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p121:*:*:*:*:*:*",
"matchCriteriaId": "CE27B2F8-4F46-4DDE-920F-3EB1967A53BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p122:*:*:*:*:*:*",
"matchCriteriaId": "58915E9F-AA40-46CF-B137-6BCF8798733A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p123:*:*:*:*:*:*",
"matchCriteriaId": "EB4512B9-33AA-4B43-9579-C583F90581C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p124:*:*:*:*:*:*",
"matchCriteriaId": "88725E06-49C9-45B4-9ECA-06B8B3EB5A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p125:*:*:*:*:*:*",
"matchCriteriaId": "72126656-2722-44F4-B01C-BEC19103C0F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p126:*:*:*:*:*:*",
"matchCriteriaId": "37503B24-23B0-4871-89AC-839F60A5EACC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p127:*:*:*:*:*:*",
"matchCriteriaId": "83A7A62B-3189-43E7-897B-8DD9B98E6914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p128:*:*:*:*:*:*",
"matchCriteriaId": "95471C0C-0F04-4EE7-92A5-83AB955138DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p129:*:*:*:*:*:*",
"matchCriteriaId": "F1FA55A0-66F8-49AB-8707-C7E4A070E5A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p130:*:*:*:*:*:*",
"matchCriteriaId": "0000B855-4012-44DA-BF40-4F59A2476FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p131:*:*:*:*:*:*",
"matchCriteriaId": "EA3F0379-E0AB-429C-A1D1-8D10D96DE3D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p132:*:*:*:*:*:*",
"matchCriteriaId": "CB716665-7EB8-4E22-9F38-19329F0DD7B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p133:*:*:*:*:*:*",
"matchCriteriaId": "E31C1F62-9AB3-4D4D-939D-EE21B7196A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p134:*:*:*:*:*:*",
"matchCriteriaId": "5CD11265-AD38-4473-9609-194BC9F67C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p135:*:*:*:*:*:*",
"matchCriteriaId": "14CE2B31-8E10-40B5-88C6-D9807CA47B2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p136:*:*:*:*:*:*",
"matchCriteriaId": "99F04650-84E0-48A9-A351-B465736D5D8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p137:*:*:*:*:*:*",
"matchCriteriaId": "814A5DC9-6B9D-4813-A55F-0D81C7B5B992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p138:*:*:*:*:*:*",
"matchCriteriaId": "012727A7-261B-4F63-AB65-9DE07CE4B5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p139:*:*:*:*:*:*",
"matchCriteriaId": "E724003A-14AE-445C-995B-D135EFA01FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p140:*:*:*:*:*:*",
"matchCriteriaId": "44B0664F-3B93-444E-9D5B-6A8D8DA997E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p141:*:*:*:*:*:*",
"matchCriteriaId": "56324E0F-41B5-4F78-8559-C008BF41D6F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p142:*:*:*:*:*:*",
"matchCriteriaId": "20512BFF-402E-40C5-8A44-51BD43216FE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p143:*:*:*:*:*:*",
"matchCriteriaId": "34FE8F13-56E9-4AA0-974A-B24EC585015E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p144:*:*:*:*:*:*",
"matchCriteriaId": "D09C706D-0A89-4A6F-9EAE-63725B71CB79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p145:*:*:*:*:*:*",
"matchCriteriaId": "99F276D8-6B10-46C7-8673-B53001865DE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p146:*:*:*:*:*:*",
"matchCriteriaId": "E3FC1D17-6238-4299-99CC-22676FE4A950",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p147:*:*:*:*:*:*",
"matchCriteriaId": "695C6140-B842-4DFF-B362-B4378EEBB7DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p148:*:*:*:*:*:*",
"matchCriteriaId": "2EF5BC29-E0EE-4BE2-9054-0CB7A98620B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p149:*:*:*:*:*:*",
"matchCriteriaId": "2FE15E41-3CF0-48B0-A919-361AD8A12500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p150:*:*:*:*:*:*",
"matchCriteriaId": "F05BDA31-209D-492D-B48B-6456D2DC6D60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p151:*:*:*:*:*:*",
"matchCriteriaId": "1CF90708-FF1C-4F6B-B5EC-07D508D9A7B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p152:*:*:*:*:*:*",
"matchCriteriaId": "4543D8D1-4572-4867-B90E-4CB674A9682C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p153:*:*:*:*:*:*",
"matchCriteriaId": "5BF0B3DD-DE8D-4EA6-B83B-BAE7F41B36FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p154:*:*:*:*:*:*",
"matchCriteriaId": "E8429C6A-5191-4F31-B073-8471D15BDABE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p155:*:*:*:*:*:*",
"matchCriteriaId": "C452E6AE-87FE-489C-A397-1B50243AEB6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p156:*:*:*:*:*:*",
"matchCriteriaId": "835FCE24-A3D8-4E44-9D62-AF5DB95BE003",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p157:*:*:*:*:*:*",
"matchCriteriaId": "4CFAC891-2709-480C-B6E3-D19F31EF7C77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p158:*:*:*:*:*:*",
"matchCriteriaId": "015BD2A6-0352-490E-8E8D-2CEC6BBA5728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p159:*:*:*:*:*:*",
"matchCriteriaId": "18DAFA1F-4434-47C8-8F84-97CE83BBD1CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p160:*:*:*:*:*:*",
"matchCriteriaId": "715A4D93-2953-4682-9384-740A71CAE9D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p161:*:*:*:*:*:*",
"matchCriteriaId": "6FD41C7B-253A-4171-82CA-50BA017C14A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p162:*:*:*:*:*:*",
"matchCriteriaId": "13D73E63-D350-416C-818A-36B8F113D82C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p163:*:*:*:*:*:*",
"matchCriteriaId": "301E509C-0DB3-4358-B6F7-AD133CE35F01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p164:*:*:*:*:*:*",
"matchCriteriaId": "7E5E396E-BA00-4C12-939E-28F39BFBE756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p165:*:*:*:*:*:*",
"matchCriteriaId": "F70DFABC-ECD4-4672-8822-C2370AE4BBD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p166:*:*:*:*:*:*",
"matchCriteriaId": "3180ABA9-D556-4E89-AEF8-0E0BA05328AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p170:*:*:*:*:*:*",
"matchCriteriaId": "A6C5461F-5BBF-47D1-8917-7A5B6A08C2EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p171:*:*:*:*:*:*",
"matchCriteriaId": "8A038A59-12A6-44B1-BF28-4AC9F33B8B2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p172:*:*:*:*:*:*",
"matchCriteriaId": "50FF8A7D-DA4B-4CA3-9E18-ECA2487127D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p173:*:*:*:*:*:*",
"matchCriteriaId": "C897B169-0E8C-4624-A595-C016951169C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p174:*:*:*:*:*:*",
"matchCriteriaId": "A358B329-E131-42AA-95D3-015BDB32D0A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p175:*:*:*:*:*:*",
"matchCriteriaId": "05B2C090-7AEF-42A0-B6C2-173A8C44FE8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p176:*:*:*:*:*:*",
"matchCriteriaId": "817EDB3E-9529-436A-895E-A700E99B75C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p177:*:*:*:*:*:*",
"matchCriteriaId": "69C74989-1186-4780-AB7C-7393CB87DA9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p178:*:*:*:*:*:*",
"matchCriteriaId": "EBA41032-724C-4198-BEE5-8F8E10542718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p179:*:*:*:*:*:*",
"matchCriteriaId": "FE00CC76-4174-481B-BE11-017E138D926C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p180:*:*:*:*:*:*",
"matchCriteriaId": "90357BE1-5BED-4529-B266-01734337DD2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p181:*:*:*:*:*:*",
"matchCriteriaId": "5F19B70E-C4D6-47A2-A784-7AFC8FD7A0EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p182:*:*:*:*:*:*",
"matchCriteriaId": "370DF27C-5170-4E83-8C5F-2B71BB18DD2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p183:*:*:*:*:*:*",
"matchCriteriaId": "24875D76-1F1D-409D-97AF-05C3EBABB6C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p184:*:*:*:*:*:*",
"matchCriteriaId": "63A68652-A900-4ACA-88B1-2480481DCA3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p185:*:*:*:*:*:*",
"matchCriteriaId": "8F93CAA7-43CF-4E77-948C-3B7ACB2065B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p186:*:*:*:*:*:*",
"matchCriteriaId": "42AA7252-63A8-46D9-889F-82E2EB395B9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p187:*:*:*:*:*:*",
"matchCriteriaId": "834B2001-0245-4229-924D-E2B663E799AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p188:*:*:*:*:*:*",
"matchCriteriaId": "00DC5545-B625-4BA4-B9B3-86FA53F28078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p189:*:*:*:*:*:*",
"matchCriteriaId": "8AE16E47-74E8-4228-9A7B-9C57B85D185C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p190:*:*:*:*:*:*",
"matchCriteriaId": "B6CA6F5F-F42B-4ABF-AEE1-47078EE6FA90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p191:*:*:*:*:*:*",
"matchCriteriaId": "E306D867-323D-4459-9879-B187177E04A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p192:*:*:*:*:*:*",
"matchCriteriaId": "BE01F660-1B93-44AB-A8B0-8952AEFBCC62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p193:*:*:*:*:*:*",
"matchCriteriaId": "50929DCE-F805-4998-89FC-E7F058516A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p194:*:*:*:*:*:*",
"matchCriteriaId": "EC66E5EA-30CB-4305-ADD9-DDF487D33303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p195:*:*:*:*:*:*",
"matchCriteriaId": "ACCF3643-A5B9-4189-B7BA-E64DE95E66F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p196:*:*:*:*:*:*",
"matchCriteriaId": "AF578C5C-F8C0-4634-A6D7-44C754F49160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p197:*:*:*:*:*:*",
"matchCriteriaId": "FCDAD4BA-937F-48FB-969A-5DAE6DE50E9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p198:*:*:*:*:*:*",
"matchCriteriaId": "3B46B993-3DFE-47DB-9025-B6C58DCA18A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p199:*:*:*:*:*:*",
"matchCriteriaId": "00787CA7-9A1D-4B62-80B6-8556A00C7527",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p200:*:*:*:*:*:*",
"matchCriteriaId": "74ED4215-C2C7-4ADB-918D-F475EBC3DC29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p201:*:*:*:*:*:*",
"matchCriteriaId": "FC5D6725-894C-46CC-8C34-52C9C22300C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p202:*:*:*:*:*:*",
"matchCriteriaId": "EA0DA534-D1F4-4399-B289-243E7BBBA6BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p203:*:*:*:*:*:*",
"matchCriteriaId": "0DF70DB3-5467-470A-8376-5076713B3F1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p204:*:*:*:*:*:*",
"matchCriteriaId": "1E76CD66-A6A1-4270-85DE-894B9AE06D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p205:*:*:*:*:*:*",
"matchCriteriaId": "8E65023E-32AF-4BD3-965B-322D03593EF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p206:*:*:*:*:*:*",
"matchCriteriaId": "4C319D83-A580-42DA-95BC-7F686C7A871F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p207:*:*:*:*:*:*",
"matchCriteriaId": "73B6F787-36EE-4C67-A9D4-72E45B3A4DAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p208:*:*:*:*:*:*",
"matchCriteriaId": "AB9A3C57-A57E-47AB-8C32-1642434A2260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p209:*:*:*:*:*:*",
"matchCriteriaId": "67BBA775-FB30-4A6C-8D4B-A22B43A6FC37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p210:*:*:*:*:*:*",
"matchCriteriaId": "114260EB-CEED-4C8C-A4E5-98A2934113D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p211:*:*:*:*:*:*",
"matchCriteriaId": "D0325DED-6705-45DD-98B0-75A20EA94CEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p212:*:*:*:*:*:*",
"matchCriteriaId": "0F79E496-0F22-412B-9CD2-BADECC0BC86A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p213:*:*:*:*:*:*",
"matchCriteriaId": "C90A4534-2057-4527-8C95-65DC36EC1B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p214:*:*:*:*:*:*",
"matchCriteriaId": "A1EF1F52-B93B-4DF9-BDC3-89E591083B31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p215:*:*:*:*:*:*",
"matchCriteriaId": "EEF972A9-28D6-432C-BF89-FE8B308FD73A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p216:*:*:*:*:*:*",
"matchCriteriaId": "131ADB2D-B0DD-43E4-B92F-03C4A6B4606E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p217:*:*:*:*:*:*",
"matchCriteriaId": "064F1862-EEF3-4937-A1BA-4DB77136D9E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p218:*:*:*:*:*:*",
"matchCriteriaId": "B2579BDC-7511-4EB5-93EE-BC6661856DC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p219:*:*:*:*:*:*",
"matchCriteriaId": "3303ED56-842C-4199-8C90-4C8946829861",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p22:*:*:*:*:*:*",
"matchCriteriaId": "93AEBFB8-C063-4862-ADA5-32C8AD6A215D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p220:*:*:*:*:*:*",
"matchCriteriaId": "6ABDA987-7222-4374-9C90-7995D348A4D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p221:*:*:*:*:*:*",
"matchCriteriaId": "A8AD850A-183B-4F0F-9306-C3DC3791220B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p222:*:*:*:*:*:*",
"matchCriteriaId": "18234B94-97C7-4B6B-89DD-EEC23184CE47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p223:*:*:*:*:*:*",
"matchCriteriaId": "CF6212AE-49E5-4163-ADD1-52D30C1292A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p224:*:*:*:*:*:*",
"matchCriteriaId": "836448A1-E62B-48E7-B169-A792DA1C6BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p225:*:*:*:*:*:*",
"matchCriteriaId": "A67A194C-F7C6-4568-A607-BD1469ECBDB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p226:*:*:*:*:*:*",
"matchCriteriaId": "9132CD66-3BE4-45DB-8E0D-45470846736A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p227:*:*:*:*:*:*",
"matchCriteriaId": "1F1B56D9-CAB0-4040-9AFA-5DF697FB7FD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p228:*:*:*:*:*:*",
"matchCriteriaId": "84C631CF-3B8A-45CA-BB63-1B0C0BBA7587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p229:*:*:*:*:*:*",
"matchCriteriaId": "FBFD2AD3-141F-44EF-836E-ECBBCCA1FED7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p23:*:*:*:*:*:*",
"matchCriteriaId": "AD38DF5B-0FE3-46B0-9313-0BEDB2FB85BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p230:*:*:*:*:*:*",
"matchCriteriaId": "69D9B2C0-7579-465F-B18B-379639E9927A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p231:*:*:*:*:*:*",
"matchCriteriaId": "29566789-CFE1-4103-AD50-032D5D028757",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p232:*:*:*:*:*:*",
"matchCriteriaId": "1D7ECA6E-89D8-45B5-84CE-8CB17C7A3768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p233:*:*:*:*:*:*",
"matchCriteriaId": "F027DACE-C9E2-4D72-9DA3-F809A64EF2F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p234:*:*:*:*:*:*",
"matchCriteriaId": "92643045-7392-47DA-93A5-90CD0AA51E22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p235:*:*:*:*:*:*",
"matchCriteriaId": "62130999-2898-4009-B8C2-FF7F7951A604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p236:*:*:*:*:*:*",
"matchCriteriaId": "98FC8466-24E9-41D0-8250-44D7F8C693C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p237:*:*:*:*:*:*",
"matchCriteriaId": "954EF915-6A9E-44E6-883E-A7A9F6284700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p238:*:*:*:*:*:*",
"matchCriteriaId": "05E8C9DA-EA55-4DBC-A96C-0AD149557A7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p239:*:*:*:*:*:*",
"matchCriteriaId": "1CC9AFDA-C77E-4165-BDFC-32A7B84509D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p24:*:*:*:*:*:*",
"matchCriteriaId": "19B1C33A-80DD-4942-81A3-5A91B77B902D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p240:*:*:*:*:*:*",
"matchCriteriaId": "C8DB8DDB-AF56-41F4-950B-A2A2E39317DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p241:*:*:*:*:*:*",
"matchCriteriaId": "BC80B6F6-11A0-449A-897E-575F6F56F87A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p242:*:*:*:*:*:*",
"matchCriteriaId": "13CE8993-F930-47C4-95E0-56C56353304B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p243:*:*:*:*:*:*",
"matchCriteriaId": "9FE86C91-2490-48DF-8106-FE880E7814A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p244:*:*:*:*:*:*",
"matchCriteriaId": "FE2353F1-6E1B-4230-A4B4-C0B797708C08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p245:*:*:*:*:*:*",
"matchCriteriaId": "0B219D0C-E30F-4E2A-BB7A-1A31536DED5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p246:*:*:*:*:*:*",
"matchCriteriaId": "B219601B-9514-41E0-835B-62364078C818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p247:*:*:*:*:*:*",
"matchCriteriaId": "3F418265-D805-4252-B756-10DE5A859419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p248:*:*:*:*:*:*",
"matchCriteriaId": "E1926405-EE10-43E3-BA5A-762FAE137257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p249:*:*:*:*:*:*",
"matchCriteriaId": "13DF9CF5-51DA-4CE8-804C-5242F2B15C38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p25:*:*:*:*:*:*",
"matchCriteriaId": "FE315238-7191-4A2E-A3C6-2162BE589C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p250:*:*:*:*:*:*",
"matchCriteriaId": "635C986B-3F82-460C-9BD7-38F8216CDD79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p251:*:*:*:*:*:*",
"matchCriteriaId": "966C53A2-DD1A-4470-81EE-E725BC289DA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p252:*:*:*:*:*:*",
"matchCriteriaId": "03228A7D-9D07-4C4C-B9E2-48227F85CA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p253:*:*:*:*:*:*",
"matchCriteriaId": "7BAD1823-8E3A-440D-A3C9-2597D1D5C44B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p254:*:*:*:*:*:*",
"matchCriteriaId": "6D7A38FD-04F9-4E79-96CD-A207206EA661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p255:*:*:*:*:*:*",
"matchCriteriaId": "23483EEB-9B8B-4A5B-8ABB-84751D7B7A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p256:*:*:*:*:*:*",
"matchCriteriaId": "72EBA29F-09BB-4E3C-B8C4-4F33F87ABA4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p257:*:*:*:*:*:*",
"matchCriteriaId": "4D5B23B7-6AE4-48F3-8D2B-D8FE47958686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p258:*:*:*:*:*:*",
"matchCriteriaId": "7CCA6DEC-66A1-47EF-8F58-A043FF3882CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p259:*:*:*:*:*:*",
"matchCriteriaId": "D7A4794F-715B-4494-A98B-9D667651EC67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p26:*:*:*:*:*:*",
"matchCriteriaId": "78648B53-1528-4815-AAEA-AEC828A1BF6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p260:*:*:*:*:*:*",
"matchCriteriaId": "DBB6B326-CD08-4E1F-9C8B-A20B9E271CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p261:*:*:*:*:*:*",
"matchCriteriaId": "12177C82-48B7-4059-9FE3-67B6AD4394D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p262:*:*:*:*:*:*",
"matchCriteriaId": "2BFFB250-B848-47AD-BCCC-11EE14065A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p263:*:*:*:*:*:*",
"matchCriteriaId": "1444370E-BF8D-4AE5-9FBB-9105E6EF78CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p264:*:*:*:*:*:*",
"matchCriteriaId": "72D025B8-1A4D-4818-8E12-13355A21E2BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p265:*:*:*:*:*:*",
"matchCriteriaId": "BB1A2AD1-309B-44B3-9E86-A1F68DCE9106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p266:*:*:*:*:*:*",
"matchCriteriaId": "A2DFE9B7-5261-4786-91B3-C9E3045EA6B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p267:*:*:*:*:*:*",
"matchCriteriaId": "28D3667D-61E3-469E-98FA-09BB84DC0DD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p268:*:*:*:*:*:*",
"matchCriteriaId": "2DB842A1-DEBE-47B7-A071-A6551DC2E57E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p269:*:*:*:*:*:*",
"matchCriteriaId": "427D2B99-488A-4AA6-8136-A9DF944A59D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p27:*:*:*:*:*:*",
"matchCriteriaId": "DFD3B0D3-F8B1-4B49-89AD-B7720264ABE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p270:*:*:*:*:*:*",
"matchCriteriaId": "B47B5F96-4634-4D14-9BB3-F18B28DE9C54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p271:*:*:*:*:*:*",
"matchCriteriaId": "2C8080B1-8407-4174-B32B-E650ADEB69C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p272:*:*:*:*:*:*",
"matchCriteriaId": "D3472CD9-C523-4DC1-9008-9454BDAC8132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p273:*:*:*:*:*:*",
"matchCriteriaId": "9FF54974-0C40-4503-BFD3-5B44EEFD67E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p274:*:*:*:*:*:*",
"matchCriteriaId": "C1449012-219E-48C6-A6A0-EA9EDA04FE37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p275:*:*:*:*:*:*",
"matchCriteriaId": "A793C450-6BC8-46E7-8AB4-87BC4612B0AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p276:*:*:*:*:*:*",
"matchCriteriaId": "E33C55DC-07AE-45A5-89A4-76A489E5A867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p277:*:*:*:*:*:*",
"matchCriteriaId": "AE0D8BBB-F96D-48EA-8BB6-D73C36734EE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p278:*:*:*:*:*:*",
"matchCriteriaId": "A85B2D52-AF38-47CF-9841-63DA64465418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p279:*:*:*:*:*:*",
"matchCriteriaId": "1B84D901-CBB1-4094-BBE7-5B26E8D39F84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p28:*:*:*:*:*:*",
"matchCriteriaId": "E682794C-6BAD-4C62-A56B-B8FC5C246A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p280:*:*:*:*:*:*",
"matchCriteriaId": "44E97C82-3600-4A69-A553-BBABD7DF0C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p281:*:*:*:*:*:*",
"matchCriteriaId": "4E804D9F-4902-445C-A4C0-B3AA9C50990E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p282:*:*:*:*:*:*",
"matchCriteriaId": "88C5398A-5782-4DF4-A0EC-504C6B504A9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p283:*:*:*:*:*:*",
"matchCriteriaId": "D9155ABF-92D7-4A32-8B8F-D657FB7ECF09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p284:*:*:*:*:*:*",
"matchCriteriaId": "1B286708-81FB-4A43-A641-2DD2A2AB32BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p285:*:*:*:*:*:*",
"matchCriteriaId": "E8E97E21-5860-4A69-A41C-D6B016557EBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p286:*:*:*:*:*:*",
"matchCriteriaId": "6B7A219D-B28B-4F30-9476-5011614EDA87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p287:*:*:*:*:*:*",
"matchCriteriaId": "93B3E6C4-FE6F-4DD6-A843-536BE332FBB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p288:*:*:*:*:*:*",
"matchCriteriaId": "DF1882D1-8491-4DAA-B90B-66C70EE0B8C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p289:*:*:*:*:*:*",
"matchCriteriaId": "568AE9F5-A26A-4257-BC46-57A173274C91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p29:*:*:*:*:*:*",
"matchCriteriaId": "C99673E9-9FB8-4FE8-85EE-E90402E40FA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p290:*:*:*:*:*:*",
"matchCriteriaId": "135B5E0C-09C9-4F7B-95E7-73ADD8C47332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p291:*:*:*:*:*:*",
"matchCriteriaId": "8FDFE148-F5F8-464D-AD72-9BA98B58B784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p292:*:*:*:*:*:*",
"matchCriteriaId": "790452BA-E1BF-4F4B-9189-55BEA1860DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p293:*:*:*:*:*:*",
"matchCriteriaId": "80C3FEF9-99D3-4454-98F3-09B62E712B0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p294:*:*:*:*:*:*",
"matchCriteriaId": "C481B6EE-AA07-4F44-AE3E-AD5EBF94D0A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p295:*:*:*:*:*:*",
"matchCriteriaId": "937BC376-9D57-4466-A6EC-3493AB74ABA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p296:*:*:*:*:*:*",
"matchCriteriaId": "0B4E4FD4-6957-410A-B25B-3CB66AA6D92D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p297:*:*:*:*:*:*",
"matchCriteriaId": "C2CB55C6-D996-459E-9AF0-CA4E5E568016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p298:*:*:*:*:*:*",
"matchCriteriaId": "66623F9F-9BA0-449D-845E-73119AB85C7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p299:*:*:*:*:*:*",
"matchCriteriaId": "95BC5517-41A4-42B4-A36E-598BD1BF5632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p30:*:*:*:*:*:*",
"matchCriteriaId": "F2BB76A4-E4D3-4AAA-84E7-13F1EBF713AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p300:*:*:*:*:*:*",
"matchCriteriaId": "DB6CB51C-FB4C-47F8-A742-4CE96241ACF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p301:*:*:*:*:*:*",
"matchCriteriaId": "E0EDE1E5-EC6E-4042-845F-6E9C2DDA7183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p302:*:*:*:*:*:*",
"matchCriteriaId": "086316E9-06E8-421A-A204-6313E5EE8B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p303:*:*:*:*:*:*",
"matchCriteriaId": "756A71A5-061F-4A31-A63B-668782164B4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p304:*:*:*:*:*:*",
"matchCriteriaId": "ACBE70BB-8F32-4964-9FB0-D3CAEC21045A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p305:*:*:*:*:*:*",
"matchCriteriaId": "EC650C12-B1BF-4D73-A760-5E4FE5BAFDDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p306:*:*:*:*:*:*",
"matchCriteriaId": "3FF0E35E-2361-4ACD-BE48-B52E0C809B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p307:*:*:*:*:*:*",
"matchCriteriaId": "4B6E27C1-7523-4B43-9B8A-B085F8798D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p308:*:*:*:*:*:*",
"matchCriteriaId": "B7A3C1CA-101C-4E11-B7B8-EB8E52CE9A89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p309:*:*:*:*:*:*",
"matchCriteriaId": "8BF8463C-8E44-4C0D-9B1C-2FA1BD2CC190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p31:*:*:*:*:*:*",
"matchCriteriaId": "C6631CB8-E3BC-473C-A217-E5CBBE8C8AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p310:*:*:*:*:*:*",
"matchCriteriaId": "19EA0570-CCA5-40A6-A563-3A89072396A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p311:*:*:*:*:*:*",
"matchCriteriaId": "82F242D7-A19B-489E-A43E-8D03524AC563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p312:*:*:*:*:*:*",
"matchCriteriaId": "12615298-51F2-482D-98B5-04FF3405C89F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p313:*:*:*:*:*:*",
"matchCriteriaId": "5F27F883-CBAF-4638-9CE0-CDE1E6EEBCFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p314:*:*:*:*:*:*",
"matchCriteriaId": "0661907B-783E-4E7A-A762-ED6AF2DC3125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p315:*:*:*:*:*:*",
"matchCriteriaId": "E7BD9562-F3D2-4B25-8F64-8F98F8F20055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p316:*:*:*:*:*:*",
"matchCriteriaId": "A34A0A94-1009-47AC-B697-01A18179FA83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p317:*:*:*:*:*:*",
"matchCriteriaId": "72B6EE25-093E-4F65-9158-956FF358BC4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p318:*:*:*:*:*:*",
"matchCriteriaId": "2C1A56B8-B7F4-4D3E-991E-55EAE6821295",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p319:*:*:*:*:*:*",
"matchCriteriaId": "2B5CA008-E02B-4FF6-9D38-5CC38D366819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p32:*:*:*:*:*:*",
"matchCriteriaId": "3829DBDA-C15A-4F55-8B65-30FA3DD6BB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p320:*:*:*:*:*:*",
"matchCriteriaId": "6ACF0AA3-BC82-4FB0-B17C-F20553E96A0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p321:*:*:*:*:*:*",
"matchCriteriaId": "B4614A1D-27A2-4952-80EB-1E0096F3A9DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p322:*:*:*:*:*:*",
"matchCriteriaId": "F2D45FAB-8F9A-4680-B91C-24A0FC5D53C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p323:*:*:*:*:*:*",
"matchCriteriaId": "73CCF245-7374-4DE1-AE14-8520D529FB97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p324:*:*:*:*:*:*",
"matchCriteriaId": "175AA245-3CA7-48A1-8B59-BE3EBDD50223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p325:*:*:*:*:*:*",
"matchCriteriaId": "E193D864-8AA3-4769-A60A-EDCF1708B868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p326:*:*:*:*:*:*",
"matchCriteriaId": "5EBD0753-F448-47BC-B3A2-878C7CABFFD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p327:*:*:*:*:*:*",
"matchCriteriaId": "C1DD4AF6-8E30-440B-B8E5-8D23F8C752C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p328:*:*:*:*:*:*",
"matchCriteriaId": "A7973D03-DA1D-4470-BB44-E6D1336EA05E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p329:*:*:*:*:*:*",
"matchCriteriaId": "C23977C3-F49A-46FF-BE70-161D4A198651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p33:*:*:*:*:*:*",
"matchCriteriaId": "DA9F54EB-2377-4CE0-8517-564415EC79AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p330:*:*:*:*:*:*",
"matchCriteriaId": "4A50CB94-38F4-4AC1-8D56-3C4DBDE5DA0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p331:*:*:*:*:*:*",
"matchCriteriaId": "ADA7B8B0-FB9E-4833-BD49-4B29A6E8CE93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p332:*:*:*:*:*:*",
"matchCriteriaId": "EB39BE69-4CC6-4142-ADAB-CAE31C60F02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p333:*:*:*:*:*:*",
"matchCriteriaId": "0B71E349-4644-46C4-B94B-49EA7D61ADFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p334:*:*:*:*:*:*",
"matchCriteriaId": "AFA3FB6E-CEB5-43D5-B741-661BAE199EF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p335:*:*:*:*:*:*",
"matchCriteriaId": "92E625E3-3E09-4EEA-8808-C60B2C5D99B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p336:*:*:*:*:*:*",
"matchCriteriaId": "31F5F683-26B8-4582-948A-2AFC5FB4EBDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p337:*:*:*:*:*:*",
"matchCriteriaId": "6F7A8648-0E43-47D9-872E-4B24BE68E2B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p338:*:*:*:*:*:*",
"matchCriteriaId": "3B19F768-A654-4A11-924D-0D741A5B5063",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p339:*:*:*:*:*:*",
"matchCriteriaId": "F4DD99A1-AF44-4177-A94E-1663CCFFDBE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p34:*:*:*:*:*:*",
"matchCriteriaId": "76B59A05-EF56-4A06-8EF2-49BABA11EFCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p340:*:*:*:*:*:*",
"matchCriteriaId": "1A8E03B1-0A87-43EB-A9E0-A4F396948EC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p341:*:*:*:*:*:*",
"matchCriteriaId": "6812A7B2-8267-45DA-8E9A-E9987D07ED6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p342:*:*:*:*:*:*",
"matchCriteriaId": "13FFE741-5489-4427-9E30-4B499BE419BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p343:*:*:*:*:*:*",
"matchCriteriaId": "2D720BAC-CF8C-4394-B7B3-E410467D02CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p344:*:*:*:*:*:*",
"matchCriteriaId": "17CD0194-9899-4FC0-AC48-305C98180D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p345:*:*:*:*:*:*",
"matchCriteriaId": "250A861E-93BE-419A-84D7-EB3CBC5F37FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p346:*:*:*:*:*:*",
"matchCriteriaId": "7BB3A976-A7E3-4C59-9BBE-DE1B815F7871",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p347:*:*:*:*:*:*",
"matchCriteriaId": "212DADA8-A0B7-499C-A6B0-8696AB1B103F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p348:*:*:*:*:*:*",
"matchCriteriaId": "DAF064E3-4A50-40E3-A183-42D062E27FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p349:*:*:*:*:*:*",
"matchCriteriaId": "93400158-D5E2-4B49-8F28-BB4398217F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p35:*:*:*:*:*:*",
"matchCriteriaId": "79747394-C70B-45AE-9533-CE095E44952E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p350:*:*:*:*:*:*",
"matchCriteriaId": "17DDD2ED-9510-487F-B598-27BFADE10D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p351:*:*:*:*:*:*",
"matchCriteriaId": "F90A32B0-B237-42AE-9FAE-5AF125877DFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p352:*:*:*:*:*:*",
"matchCriteriaId": "945E5002-84D6-44A0-8327-CD01A746F842",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p353:*:*:*:*:*:*",
"matchCriteriaId": "892FD4C7-17EE-4845-BCFA-1564081CD289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p354:*:*:*:*:*:*",
"matchCriteriaId": "68DA4791-4619-4977-9B2C-489142D0055B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p355:*:*:*:*:*:*",
"matchCriteriaId": "911A3C69-8D28-4D27-8EC7-ED02FE74BFE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p356:*:*:*:*:*:*",
"matchCriteriaId": "BB125173-0F9C-4B57-BEC0-490C01EE2C89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p357:*:*:*:*:*:*",
"matchCriteriaId": "09D58DE3-C8C4-4C14-B38E-84D1AC874E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p358:*:*:*:*:*:*",
"matchCriteriaId": "AF9DDED5-9383-4014-8674-CD5A6D7E246A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p359:*:*:*:*:*:*",
"matchCriteriaId": "BB4AABDA-3A4E-411F-A3F0-22FC06157D7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p36:*:*:*:*:*:*",
"matchCriteriaId": "FE9E7970-8A2A-4B9A-BD8C-0B7345DDDC6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p360:*:*:*:*:*:*",
"matchCriteriaId": "9B5B447C-066F-47FF-A033-7B98638E6506",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p361:*:*:*:*:*:*",
"matchCriteriaId": "3A2FADF1-EA35-44B1-B200-3535F0899622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p362:*:*:*:*:*:*",
"matchCriteriaId": "EA45115B-7FF5-4479-841D-DAA05EF525E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p363:*:*:*:*:*:*",
"matchCriteriaId": "9FEC288C-ACB1-4782-AD3D-C13CD4822C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p364:*:*:*:*:*:*",
"matchCriteriaId": "B3948830-399B-4457-9C79-FE542885396D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p365:*:*:*:*:*:*",
"matchCriteriaId": "297B4B83-3B41-4D05-951E-55671DFA3401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p366:*:*:*:*:*:*",
"matchCriteriaId": "97722AA3-54FF-43DC-A926-AFB00A216D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p367:*:*:*:*:*:*",
"matchCriteriaId": "F7059D68-D871-4C92-8DC3-C37C3660831F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p368:*:*:*:*:*:*",
"matchCriteriaId": "4CA21B77-EE77-48B2-88A9-FDF818B83425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p369:*:*:*:*:*:*",
"matchCriteriaId": "669E93E5-70BD-405F-A92C-6623F7A53F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p37:*:*:*:*:*:*",
"matchCriteriaId": "B4B06D02-D9F6-4C09-BEE0-A5491B97A24C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p370:*:*:*:*:*:*",
"matchCriteriaId": "53A468F9-6C1E-4A2E-AFDA-979E570D6DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p371:*:*:*:*:*:*",
"matchCriteriaId": "7C064AC9-11CC-458C-9AE1-B4F870AD468C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p372:*:*:*:*:*:*",
"matchCriteriaId": "81F985B3-B0F9-4A41-B014-4222786C960C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p373:*:*:*:*:*:*",
"matchCriteriaId": "E3A86AF0-6A98-474C-BB6E-2C3FB6ABCCE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p374:*:*:*:*:*:*",
"matchCriteriaId": "42F94BA2-09E5-4373-8940-B723E1D12B95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p375:*:*:*:*:*:*",
"matchCriteriaId": "88956750-A888-4E68-B7A5-59C7259E5BAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p376:*:*:*:*:*:*",
"matchCriteriaId": "9E738CE1-1E0C-4822-AC3A-917FA4FFA612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p377:*:*:*:*:*:*",
"matchCriteriaId": "767426BE-5BBF-426E-A0C6-2D367B954F27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p378:*:*:*:*:*:*",
"matchCriteriaId": "A84376E3-A31F-4EEB-8F87-A9C965C2F1DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p379:*:*:*:*:*:*",
"matchCriteriaId": "EB98463C-35D4-4252-945B-4C50A385CE5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p38:*:*:*:*:*:*",
"matchCriteriaId": "0C337ACA-81A0-4017-8CEB-7CB790172C85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p380:*:*:*:*:*:*",
"matchCriteriaId": "50D0EB63-C1BF-403F-A0F4-EBADBBBE9345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p381:*:*:*:*:*:*",
"matchCriteriaId": "D7C31F2F-163E-4384-B87E-AFE1C8C7865F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p382:*:*:*:*:*:*",
"matchCriteriaId": "220DE1DB-5F19-4C4C-A8E3-5650870BD1ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p383:*:*:*:*:*:*",
"matchCriteriaId": "323572A7-67C5-42AD-9E65-E54719B701DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p384:*:*:*:*:*:*",
"matchCriteriaId": "DF6BE9BC-4C72-4D8C-96C7-8867580BD557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p385:*:*:*:*:*:*",
"matchCriteriaId": "D1C34D5F-DE47-4CB8-B1F7-2796D48EDF26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p386:*:*:*:*:*:*",
"matchCriteriaId": "C54C231A-25A6-480B-87A4-6F3E9AC242EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p387:*:*:*:*:*:*",
"matchCriteriaId": "0EE812DF-8E96-4FF8-8D03-10B98A3C4563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p388:*:*:*:*:*:*",
"matchCriteriaId": "CC809B83-705E-438D-B9C7-8AED384E55E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p389:*:*:*:*:*:*",
"matchCriteriaId": "E82497A8-05F6-4AA5-9A98-C084BF6C87A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p39:*:*:*:*:*:*",
"matchCriteriaId": "80D57A00-D9A5-4C70-B523-0064C56AD7D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p390:*:*:*:*:*:*",
"matchCriteriaId": "2B65C876-191E-43DD-8C00-B3FFB643798C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p391:*:*:*:*:*:*",
"matchCriteriaId": "1C55D80B-4597-4C13-8BDA-659F19CA17AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p392:*:*:*:*:*:*",
"matchCriteriaId": "CD2417D5-0B48-41AC-B529-B6B958FD1529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p393:*:*:*:*:*:*",
"matchCriteriaId": "E86B9970-181A-4227-85C5-6EA9DC83EC6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p394:*:*:*:*:*:*",
"matchCriteriaId": "C9AB4545-315D-430A-AEF5-FA51C91A81C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p395:*:*:*:*:*:*",
"matchCriteriaId": "A48EA953-A9AC-4B0E-80D7-97E813AA6116",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p396:*:*:*:*:*:*",
"matchCriteriaId": "21FA80EF-86AD-4B10-847F-BE1A21DA90DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p397:*:*:*:*:*:*",
"matchCriteriaId": "064A35E0-362D-4EAB-9659-B66A51B8A57C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p398:*:*:*:*:*:*",
"matchCriteriaId": "FC33854D-77D0-403A-9DD6-0AE57DDF1D06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p399:*:*:*:*:*:*",
"matchCriteriaId": "0E8128A3-F0A9-443A-9B39-9DDEBD6C9E3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p4:*:*:*:*:*:*",
"matchCriteriaId": "E0040B79-5D07-4BEA-8861-8D827FB31735",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p40:*:*:*:*:*:*",
"matchCriteriaId": "658F5E60-CA2F-4B96-B48A-715CCF553F96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p400:*:*:*:*:*:*",
"matchCriteriaId": "263B51E4-1659-427B-A79B-D4E9DF28A57F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p401:*:*:*:*:*:*",
"matchCriteriaId": "8B97CE98-A1EE-4ED6-A108-4BF40EA3F81D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p402:*:*:*:*:*:*",
"matchCriteriaId": "8C818138-F20A-4F39-A5C0-6D2937EE77F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p403:*:*:*:*:*:*",
"matchCriteriaId": "BE12A159-F94F-4410-AF88-8966101C1212",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p404:*:*:*:*:*:*",
"matchCriteriaId": "ECC145C1-F5F5-4EE7-96FE-6F5949E483A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p405:*:*:*:*:*:*",
"matchCriteriaId": "7F57CF8E-FE13-4E21-8F35-25068C3F36B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p406:*:*:*:*:*:*",
"matchCriteriaId": "D75F5F25-9D47-4FA5-95DF-47CDCB3E9C5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p407:*:*:*:*:*:*",
"matchCriteriaId": "9EE75158-53F3-46F3-8028-860CD0F0493D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p408:*:*:*:*:*:*",
"matchCriteriaId": "DA633D5D-F25E-41D0-A881-ED59EFE1593D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p409:*:*:*:*:*:*",
"matchCriteriaId": "4166C7AD-F945-4AA0-A4FB-055D5F90A84C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p41:*:*:*:*:*:*",
"matchCriteriaId": "CCCC6A0F-7728-4AB7-ABFB-6D8B7C327319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p410:*:*:*:*:*:*",
"matchCriteriaId": "FE0C6655-04AA-41ED-8186-C384A5D80CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p411:*:*:*:*:*:*",
"matchCriteriaId": "7218D1AE-D531-4688-91DF-EFF5D2690C75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p412:*:*:*:*:*:*",
"matchCriteriaId": "BB32757C-97CB-4782-A7D0-7905C08AB72B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p413:*:*:*:*:*:*",
"matchCriteriaId": "A8091E4A-054C-4AED-BE48-783DC4D0C8D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p414:*:*:*:*:*:*",
"matchCriteriaId": "16CD62B2-904D-4109-BBF6-4CF71CDD171D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p415:*:*:*:*:*:*",
"matchCriteriaId": "D5B8C246-0B8C-462E-B3EB-49988C387B4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p416:*:*:*:*:*:*",
"matchCriteriaId": "B66B920C-F32C-47C6-A456-29D075E0FDD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p417:*:*:*:*:*:*",
"matchCriteriaId": "A424EAE0-2B4E-4B08-B1E7-DFC9FCC0B863",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p418:*:*:*:*:*:*",
"matchCriteriaId": "3601971C-CFB7-499F-8C46-5D58D6C8E252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p419:*:*:*:*:*:*",
"matchCriteriaId": "3E44EACB-8FAC-4FCE-B83F-9B1EFC2B8A0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p42:*:*:*:*:*:*",
"matchCriteriaId": "F6FE7257-F93D-406E-B4B3-668E41C6A8ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p420:*:*:*:*:*:*",
"matchCriteriaId": "17B12369-3740-487C-ACBB-8D09E933CEFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p421:*:*:*:*:*:*",
"matchCriteriaId": "4E8D3E83-11C6-4169-A401-536758AC683F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p422:*:*:*:*:*:*",
"matchCriteriaId": "88DC6549-8447-4981-9462-AF54AB224E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p423:*:*:*:*:*:*",
"matchCriteriaId": "8B3712F6-CD70-4D27-B51B-C152C730E4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p424:*:*:*:*:*:*",
"matchCriteriaId": "C538EC07-E3B5-48F4-B2BE-1D183C8167FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p425:*:*:*:*:*:*",
"matchCriteriaId": "2536D2A7-00E8-42F3-8040-C2C581BD18EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p426:*:*:*:*:*:*",
"matchCriteriaId": "41C5A447-68F1-4C86-B324-56346B5ED4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p427:*:*:*:*:*:*",
"matchCriteriaId": "9A2B4489-5A50-45B0-9AC3-55226D104C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p428:*:*:*:*:*:*",
"matchCriteriaId": "98AE334D-93C1-410A-A993-559C4ECA6EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p429:*:*:*:*:*:*",
"matchCriteriaId": "55C23879-14D6-44CF-B72C-077648B7850C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p43:*:*:*:*:*:*",
"matchCriteriaId": "DDE8AE33-9A76-4921-838C-FD26BE966936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p430:*:*:*:*:*:*",
"matchCriteriaId": "343DE53D-5471-4A71-9ECF-F4B49FE87DC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p431:*:*:*:*:*:*",
"matchCriteriaId": "1659F07D-AC4B-4946-AA6D-CD07BEFFD260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p432:*:*:*:*:*:*",
"matchCriteriaId": "E5E5356A-C7DE-4E77-B563-9D9411A94487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p433:*:*:*:*:*:*",
"matchCriteriaId": "A90B1CB8-7CD6-455D-8B83-890DFE17F168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p434:*:*:*:*:*:*",
"matchCriteriaId": "42F60614-8A4C-48D9-9AFE-03334B5F39A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p435:*:*:*:*:*:*",
"matchCriteriaId": "C2CEAAC3-0738-4EFA-9C6A-140B61D6FB77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p436:*:*:*:*:*:*",
"matchCriteriaId": "06F04569-8733-4326-AAAF-E1C0FDE9A067",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p437:*:*:*:*:*:*",
"matchCriteriaId": "DE4263C9-9885-4AD5-9331-6EA04B579DC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p438:*:*:*:*:*:*",
"matchCriteriaId": "D34C4700-3763-402B-88A1-0E0CDAB003C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p439:*:*:*:*:*:*",
"matchCriteriaId": "5AFC88C6-C0C7-4F06-B36F-4C07F68714DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p44:*:*:*:*:*:*",
"matchCriteriaId": "434184FF-2FB6-4577-8F85-E488EB89D642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p440:*:*:*:*:*:*",
"matchCriteriaId": "03CD81E7-9C87-4E8C-8B38-A9C790D3740D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p441:*:*:*:*:*:*",
"matchCriteriaId": "AA114487-9C20-4D4C-9BE0-61E83EEA881A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p442:*:*:*:*:*:*",
"matchCriteriaId": "AD46FDA8-410D-46ED-B9DA-DBE377A52F7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p443:*:*:*:*:*:*",
"matchCriteriaId": "2549A1EB-CF4C-4B72-BE21-4DB6C232620E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p444:*:*:*:*:*:*",
"matchCriteriaId": "C4A5B2DE-6EDB-4687-95E9-B7BDEE8A4F52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p445:*:*:*:*:*:*",
"matchCriteriaId": "38655472-BDE7-450A-8655-D217648FB502",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p446:*:*:*:*:*:*",
"matchCriteriaId": "9A9EB39C-40E4-4B2F-AC0F-9AB12ABFE9E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p447:*:*:*:*:*:*",
"matchCriteriaId": "1EEA66A5-F0EE-407D-A40E-4AF5E1AA052D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p448:*:*:*:*:*:*",
"matchCriteriaId": "F659FB12-BED8-4DA3-886C-E49FECD2E84D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p449:*:*:*:*:*:*",
"matchCriteriaId": "B4D83B72-6A3A-49A2-BC10-AF588CC4F8CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p45:*:*:*:*:*:*",
"matchCriteriaId": "3DBDA6E7-5849-4551-A4E4-4C846074B55D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p450:*:*:*:*:*:*",
"matchCriteriaId": "E6B6B540-1E6C-4031-87D8-159B683E42E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p451:*:*:*:*:*:*",
"matchCriteriaId": "8AE3CDE6-4061-446C-8CA9-1F86CF5D0CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p452:*:*:*:*:*:*",
"matchCriteriaId": "3524F3C9-1FB9-478B-927B-FCDAD58F9A89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p453:*:*:*:*:*:*",
"matchCriteriaId": "1E539437-A77D-4672-B7F7-401435A5DF18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p454:*:*:*:*:*:*",
"matchCriteriaId": "73EAA52B-5E57-4633-A651-2763433A581E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p455:*:*:*:*:*:*",
"matchCriteriaId": "84791D19-F4E2-430A-891B-562C8A42F572",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p456:*:*:*:*:*:*",
"matchCriteriaId": "56CBFA28-AD97-436D-87E6-A958C80F463D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p457:*:*:*:*:*:*",
"matchCriteriaId": "5E82DEF1-83E4-47B1-8A71-AAB6723B092E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p458:*:*:*:*:*:*",
"matchCriteriaId": "73BDEBD9-C4A3-44AA-9067-6EAA0FB68D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p459:*:*:*:*:*:*",
"matchCriteriaId": "99E12DE4-36F7-47E3-B296-B7DD4908C191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p46:*:*:*:*:*:*",
"matchCriteriaId": "9520436F-C8D9-40F0-BBE5-2B15D286B8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p460:*:*:*:*:*:*",
"matchCriteriaId": "B8213C7C-A1C6-491C-88DF-46799E1149FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p461:*:*:*:*:*:*",
"matchCriteriaId": "E4A6EEC8-A256-4A29-88B9-EBD29F0E9984",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p462:*:*:*:*:*:*",
"matchCriteriaId": "C480C64A-1591-45A0-9F8E-4ADF90ECEC4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p463:*:*:*:*:*:*",
"matchCriteriaId": "C1F1E185-3A8B-4523-9C4D-35B219DAAB10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p464:*:*:*:*:*:*",
"matchCriteriaId": "58DAACF5-282F-4D4F-BA58-1DCDB31B0E29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p465:*:*:*:*:*:*",
"matchCriteriaId": "7CC89215-1461-42F4-8F0A-0E60AD86CE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p466:*:*:*:*:*:*",
"matchCriteriaId": "D477F5D9-B8C2-498B-B979-5524BA64F082",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p467:*:*:*:*:*:*",
"matchCriteriaId": "F7983F2C-182E-415E-B770-288BB165A660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p468:*:*:*:*:*:*",
"matchCriteriaId": "7A3795B8-817E-40E5-B348-74A15FF713C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p469:*:*:*:*:*:*",
"matchCriteriaId": "87CE91F2-1FB0-41E0-89E6-58EEFA6BE41D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p47:*:*:*:*:*:*",
"matchCriteriaId": "9BD6AC08-3F51-4410-8ECB-99B44A72568E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p470:*:*:*:*:*:*",
"matchCriteriaId": "690FC7C1-4B39-49C6-9603-007A3E88DA66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p471:*:*:*:*:*:*",
"matchCriteriaId": "3918A234-477D-4C0D-9E6D-CFDFA582B402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p472:*:*:*:*:*:*",
"matchCriteriaId": "EBC0DCF1-EE12-4D07-A643-ABF51E0D1C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p473:*:*:*:*:*:*",
"matchCriteriaId": "B7900782-B462-4A44-96CE-A3A014E93709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p474:*:*:*:*:*:*",
"matchCriteriaId": "3AF076BA-2834-448B-AA81-1BA5C99DA860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p475:*:*:*:*:*:*",
"matchCriteriaId": "2917A9B3-37EC-4F51-A4D6-68270E0BFBA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p476:*:*:*:*:*:*",
"matchCriteriaId": "F9A85B79-DACE-48DB-A575-2F14FAACFF5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p477:*:*:*:*:*:*",
"matchCriteriaId": "F2BC6626-9073-4E98-8D81-EB68F3FF1DDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p478:*:*:*:*:*:*",
"matchCriteriaId": "E625449B-FAAC-4053-B775-8745CAF4DDB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p479:*:*:*:*:*:*",
"matchCriteriaId": "6BC60030-61E0-41E7-B11A-B9A4AE3F15FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p48:*:*:*:*:*:*",
"matchCriteriaId": "6AF437C6-62A2-4B99-9A24-F721A60D7D2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p480:*:*:*:*:*:*",
"matchCriteriaId": "00A93F72-960F-4616-9E13-C7D070AA9284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p481:*:*:*:*:*:*",
"matchCriteriaId": "4BB13DEF-50F9-44F4-B727-FD9121A5D94A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p482:*:*:*:*:*:*",
"matchCriteriaId": "A4CEFBF7-F69A-431B-BF71-DAB5958888F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p483:*:*:*:*:*:*",
"matchCriteriaId": "24903C79-D6BE-4961-B787-1C3B9E88C81B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p484_rc1:*:*:*:*:*:*",
"matchCriteriaId": "89313369-5D95-45B2-A0F7-E105608D133D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p485_rc1:*:*:*:*:*:*",
"matchCriteriaId": "160577D9-BC9A-40E9-BECB-7EFA9E1A4D04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p486_rc1:*:*:*:*:*:*",
"matchCriteriaId": "0FCFFCCD-13F9-43F2-861D-839B7046A1EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p49:*:*:*:*:*:*",
"matchCriteriaId": "0E730137-E93D-4AFB-B1E5-9CE89AF0CE9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p5:*:*:*:*:*:*",
"matchCriteriaId": "D00C1A08-1AFF-4AED-9F32-6F7400E24427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p50:*:*:*:*:*:*",
"matchCriteriaId": "16871277-E425-4A35-A6DC-C89EBA7E74E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p51:*:*:*:*:*:*",
"matchCriteriaId": "EDE0405D-F8DE-458D-8D75-FE582D1DC137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p52:*:*:*:*:*:*",
"matchCriteriaId": "637D12F8-33EB-4D35-A56F-8B6A124B2936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p53:*:*:*:*:*:*",
"matchCriteriaId": "F0C13374-0966-4372-951D-853D5CC81E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p54:*:*:*:*:*:*",
"matchCriteriaId": "41B72391-9B36-4196-9BF0-E3C44B5A6C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p55:*:*:*:*:*:*",
"matchCriteriaId": "AFA07E87-043E-456C-B435-6B7EF3CAA58A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p56:*:*:*:*:*:*",
"matchCriteriaId": "165E10ED-42CE-4313-B630-D2051DA29F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p57:*:*:*:*:*:*",
"matchCriteriaId": "2EDCA346-8FA5-4781-B69E-37F76DD07039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p58:*:*:*:*:*:*",
"matchCriteriaId": "9FD3A0D8-D947-40AA-A548-CD48BB3837AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p59:*:*:*:*:*:*",
"matchCriteriaId": "7B97D60B-CCAE-4F13-9573-23D65280C0B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p6:*:*:*:*:*:*",
"matchCriteriaId": "6478C98A-FC07-457D-996D-53B9361B52D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p60:*:*:*:*:*:*",
"matchCriteriaId": "D379EAE2-0D54-4FDE-A241-6E4B03692315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p61:*:*:*:*:*:*",
"matchCriteriaId": "91F16EF5-4F62-4D04-AF2E-9867CC96F42F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p62:*:*:*:*:*:*",
"matchCriteriaId": "5E1AA127-8578-4DDE-9189-437FF384F24A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p63:*:*:*:*:*:*",
"matchCriteriaId": "3F084101-EC75-4F1A-B0D3-D4B161A4C30A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p64:*:*:*:*:*:*",
"matchCriteriaId": "B9BE6456-9805-4FC6-B937-7505480E5BF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p65:*:*:*:*:*:*",
"matchCriteriaId": "28FF7D7B-79D5-4CFA-BED1-9F68200BDBD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p66:*:*:*:*:*:*",
"matchCriteriaId": "BBD63622-9C07-4110-BFB6-45574CA51E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p67:*:*:*:*:*:*",
"matchCriteriaId": "326AF319-30FA-4460-8095-9895F7778808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p68:*:*:*:*:*:*",
"matchCriteriaId": "C4F42335-E1C1-4A35-8F05-B04F73EA36AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p69:*:*:*:*:*:*",
"matchCriteriaId": "C0A3A492-9985-4FE8-82ED-5B793F0CD252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p7:*:*:*:*:*:*",
"matchCriteriaId": "C1D01BD4-27BF-49BD-9305-F26E0EC778AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p70:*:*:*:*:*:*",
"matchCriteriaId": "3EB30D8D-4AE8-4975-BFAC-7A4352666335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p71:*:*:*:*:*:*",
"matchCriteriaId": "A29E2D36-7374-4F80-90C5-6E5B4A03DB42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p72:*:*:*:*:*:*",
"matchCriteriaId": "BD4EF13C-9561-4791-AF4A-790466A38A12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p73:*:*:*:*:*:*",
"matchCriteriaId": "06DF6604-2175-4341-BEED-BF381A3E82FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p74:*:*:*:*:*:*",
"matchCriteriaId": "046E1F04-A028-41C1-ACA5-0A4E13B57CEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p75:*:*:*:*:*:*",
"matchCriteriaId": "FC712CBC-5212-4EDB-8F2E-25D839C417B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p76:*:*:*:*:*:*",
"matchCriteriaId": "71D343FF-390C-4EA4-863D-A684D49AA321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p77:*:*:*:*:*:*",
"matchCriteriaId": "A75FD97F-B998-4506-8D81-87A9A4DD7216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p78:*:*:*:*:*:*",
"matchCriteriaId": "EB24361D-B7F2-4A98-9AF7-ADB5E91FEBBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p79:*:*:*:*:*:*",
"matchCriteriaId": "825CC1F4-A5F3-4F2F-BA82-AE5843AFA0D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p8:*:*:*:*:*:*",
"matchCriteriaId": "F4E82220-4E07-41B0-952A-9C0CC0973D60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p80:*:*:*:*:*:*",
"matchCriteriaId": "6969C6F6-845C-4023-B7D3-2E0ECE90D355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p81:*:*:*:*:*:*",
"matchCriteriaId": "6EB84D6B-FC5A-4AC3-9F2D-EA3015917FCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p82:*:*:*:*:*:*",
"matchCriteriaId": "3B0487A0-CA40-4DA6-9CE2-B912180FCDC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p83:*:*:*:*:*:*",
"matchCriteriaId": "904B93E2-D880-49A7-B6EB-E4CC0274CE49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p84:*:*:*:*:*:*",
"matchCriteriaId": "FE6E7BAC-0D0E-4BE7-A3EB-5DC39FFD3BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p85:*:*:*:*:*:*",
"matchCriteriaId": "6D66BC48-C3BA-4BEA-BE22-15E08400F7EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p86:*:*:*:*:*:*",
"matchCriteriaId": "1A33C1B1-72FA-4B7A-BFB1-74A8C8B9E0AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p87:*:*:*:*:*:*",
"matchCriteriaId": "671D4E8C-27EB-404B-8360-4DDB17794C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p88:*:*:*:*:*:*",
"matchCriteriaId": "19CE5AEB-1A3E-4E4E-9582-90FFF796F750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p89:*:*:*:*:*:*",
"matchCriteriaId": "9673E80A-55D3-4D2C-B8E0-2EE46950DB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p9:*:*:*:*:*:*",
"matchCriteriaId": "38F02F01-569A-445D-A954-D9369E0B8850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p90:*:*:*:*:*:*",
"matchCriteriaId": "97E2530E-CD9B-4DE1-ABCE-4777F54D8DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p91:*:*:*:*:*:*",
"matchCriteriaId": "6470A9D0-4C38-4A3D-90EE-3B1D9DB6E25A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p92:*:*:*:*:*:*",
"matchCriteriaId": "CB5503D1-4DF1-402A-83BA-46EF69CE88F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p93:*:*:*:*:*:*",
"matchCriteriaId": "DE5410A0-A66E-4759-9D7A-268374747936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p94:*:*:*:*:*:*",
"matchCriteriaId": "B44716FB-1789-45E7-A2E1-06489D29DDFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p95:*:*:*:*:*:*",
"matchCriteriaId": "E00F67B6-7B05-4EAE-8004-080590CC6381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p96:*:*:*:*:*:*",
"matchCriteriaId": "8BF82B7F-A4B8-4294-BF92-7B09EE1A61F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p97:*:*:*:*:*:*",
"matchCriteriaId": "8F8E44FE-91B3-44B6-B793-65176C01294F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p98:*:*:*:*:*:*",
"matchCriteriaId": "4F81E473-FDFA-49B1-B2F9-DE44BFC4333E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p99:*:*:*:*:*:*",
"matchCriteriaId": "8E4ED509-8B0B-4F3E-9378-193500762248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
"matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*",
"matchCriteriaId": "75A9AA28-1B20-44BB-815C-7294A53E910E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
"matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
"matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*",
"matchCriteriaId": "F12E4CF5-536C-416B-AD8D-6AE7CBE22C71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hpe:hpux-ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C771C48E-2B29-491D-8FF0-69D81229465D",
"versionEndExcluding": "c.4.2.8.2.0",
"versionStartIncluding": "b.11.31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query."
},
{
"lang": "es",
"value": "La funci\u00f3n read_mru_list en NTP en versiones anteriores a 4.2.8p9 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de una consulta mrulist manipulada."
}
],
"id": "CVE-2016-7434",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-13T16:59:00.557",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3082"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94448"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037354"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/40806/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/40806/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-05 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.3.92 | |
| oracle | solaris | 10 | |
| oracle | solaris | 11.3 | |
| suse | manager_proxy | 2.1 | |
| suse | openstack_cloud | 5 | |
| novell | suse_manager | 2.1 | |
| opensuse | leap | 42.1 | |
| opensuse | opensuse | 13.2 | |
| suse | linux_enterprise_desktop | 12 | |
| suse | linux_enterprise_server | 11 | |
| suse | linux_enterprise_server | 11 | |
| suse | linux_enterprise_server | 11 | |
| suse | linux_enterprise_server | 12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
"matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.92:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DA733E-A2BB-4F72-BE9A-AF1ADD1881A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*",
"matchCriteriaId": "964B57CD-CB8A-4520-B358-1C93EC5EF2DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBED083-B935-4C47-BBDA-F39D8EA277ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:suse:openstack_cloud:5:*:*:*:*:*:*:*",
"matchCriteriaId": "BD6136E8-74DE-48AF-A8AB-B0E93D34870C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:novell:suse_manager:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "514646C5-C5D4-487E-8950-B3A2B1DE8EEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*",
"matchCriteriaId": "3A0BA503-3F96-48DA-AF47-FBA37A9D0C48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
"matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
"matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
"matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*",
"matchCriteriaId": "2076747F-A98E-4DD9-9B52-BF1732BCAD3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547."
},
{
"lang": "es",
"value": "ntpd en NTP en versiones anteriores a 4.2.8p8 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de un paquete crypto-NAK. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incorrecta para CVE-2016-1547."
}
],
"id": "CVE-2016-4957",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-05T01:59:04.283",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://bugs.ntp.org/3046"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3046"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/321640"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036037"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://bugs.ntp.org/3046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/321640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-21 14:29
Modified
2025-04-20 01:37
Severity ?
Summary
The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | fedora | 21 | |
| fedoraproject | fedora | 22 | |
| suse | linux_enterprise_debuginfo | 11 | |
| suse | linux_enterprise_debuginfo | 11 | |
| suse | linux_enterprise_server | 10 | |
| suse | linux_enterprise_server | 11 | |
| suse | linux_enterprise_server | 11 | |
| suse | manager | 2.1 | |
| suse | manager_proxy | 2.1 | |
| suse | openstack_cloud | 5 | |
| redhat | enterprise_linux_desktop | 6.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_hpc_node | 6.0 | |
| redhat | enterprise_linux_hpc_node | 7.0 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_workstation | 6.0 | |
| redhat | enterprise_linux_workstation | 7.0 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 15.04 | |
| canonical | ubuntu_linux | 15.10 | |
| ntp | ntp | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
"matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D5900A25-FDD7-4900-BF7C-F3ECCB714D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "58D3B6FD-B474-4B09-B644-A8634A629280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*",
"matchCriteriaId": "35BBD83D-BDC7-4678-BE94-639F59281139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
"matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
"matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:manager:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2A33B9F5-E0D1-4A3E-9FFB-5602A25F3227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:manager_proxy:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53F0F5A0-70D9-4305-A834-B6FF71E27B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:openstack_cloud:5:*:*:*:*:*:*:*",
"matchCriteriaId": "88BCD7DC-0FEF-477D-8698-F8D8F1A49D90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:p40:*:*:*:*:*:*",
"matchCriteriaId": "C38BE66F-08C3-4351-BFFF-0A79EE89612E",
"versionEndIncluding": "4.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands."
},
{
"lang": "es",
"value": "La funci\u00f3n log_config_command en el archivo ntp_parser.y en ntpd en NTP anterior a versi\u00f3n 4.2.7p42, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo de ntpd) por medio de comandos logconfig creados."
}
],
"id": "CVE-2015-5194",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-21T14:29:00.757",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=4c4fc141LwvcoGp-lLGhkAFp3ZvtrA"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/25/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/76475"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2783-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1254542"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/ntp-project/ntp/commit/553f2fa65865c31c5e3c48812cfd46176cffdd27"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=4c4fc141LwvcoGp-lLGhkAFp3ZvtrA"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/25/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/76475"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2783-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1254542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/ntp-project/ntp/commit/553f2fa65865c31c5e3c48812cfd46176cffdd27"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-11 21:15
Modified
2025-02-11 16:15
Severity ?
5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p15:*:*:*:*:*:*",
"matchCriteriaId": "D300A755-9809-4469-8C08-20CB451C83A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd."
}
],
"id": "CVE-2023-26553",
"lastModified": "2025-02-11T16:15:35.987",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-11T21:15:21.723",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26553"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-30 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| ntp | ntp | 4.3.0 | |
| ntp | ntp | 4.3.1 | |
| ntp | ntp | 4.3.2 | |
| ntp | ntp | 4.3.3 | |
| ntp | ntp | 4.3.4 | |
| ntp | ntp | 4.3.5 | |
| ntp | ntp | 4.3.6 | |
| ntp | ntp | 4.3.7 | |
| ntp | ntp | 4.3.8 | |
| ntp | ntp | 4.3.10 | |
| ntp | ntp | 4.3.11 | |
| ntp | ntp | 4.3.12 | |
| ntp | ntp | 4.3.13 | |
| ntp | ntp | 4.3.14 | |
| ntp | ntp | 4.3.15 | |
| ntp | ntp | 4.3.16 | |
| ntp | ntp | 4.3.17 | |
| ntp | ntp | 4.3.18 | |
| ntp | ntp | 4.3.19 | |
| ntp | ntp | 4.3.20 | |
| ntp | ntp | 4.3.21 | |
| ntp | ntp | 4.3.22 | |
| ntp | ntp | 4.3.23 | |
| ntp | ntp | 4.3.24 | |
| ntp | ntp | 4.3.25 | |
| ntp | ntp | 4.3.26 | |
| ntp | ntp | 4.3.27 | |
| ntp | ntp | 4.3.28 | |
| ntp | ntp | 4.3.29 | |
| ntp | ntp | 4.3.30 | |
| ntp | ntp | 4.3.31 | |
| ntp | ntp | 4.3.32 | |
| ntp | ntp | 4.3.33 | |
| ntp | ntp | 4.3.34 | |
| ntp | ntp | 4.3.35 | |
| ntp | ntp | 4.3.36 | |
| ntp | ntp | 4.3.37 | |
| ntp | ntp | 4.3.38 | |
| ntp | ntp | 4.3.39 | |
| ntp | ntp | 4.3.40 | |
| ntp | ntp | 4.3.41 | |
| ntp | ntp | 4.3.42 | |
| ntp | ntp | 4.3.43 | |
| ntp | ntp | 4.3.44 | |
| ntp | ntp | 4.3.45 | |
| ntp | ntp | 4.3.46 | |
| ntp | ntp | 4.3.47 | |
| ntp | ntp | 4.3.48 | |
| ntp | ntp | 4.3.49 | |
| ntp | ntp | 4.3.50 | |
| ntp | ntp | 4.3.51 | |
| ntp | ntp | 4.3.52 | |
| ntp | ntp | 4.3.53 | |
| ntp | ntp | 4.3.54 | |
| ntp | ntp | 4.3.55 | |
| ntp | ntp | 4.3.56 | |
| ntp | ntp | 4.3.57 | |
| ntp | ntp | 4.3.58 | |
| ntp | ntp | 4.3.59 | |
| ntp | ntp | 4.3.60 | |
| ntp | ntp | 4.3.61 | |
| ntp | ntp | 4.3.62 | |
| ntp | ntp | 4.3.63 | |
| ntp | ntp | 4.3.64 | |
| ntp | ntp | 4.3.65 | |
| ntp | ntp | 4.3.66 | |
| ntp | ntp | 4.3.67 | |
| ntp | ntp | 4.3.68 | |
| ntp | ntp | 4.3.69 | |
| ntp | ntp | 4.3.70 | |
| ntp | ntp | 4.3.71 | |
| ntp | ntp | 4.3.72 | |
| ntp | ntp | 4.3.73 | |
| ntp | ntp | 4.3.74 | |
| ntp | ntp | 4.3.75 | |
| ntp | ntp | 4.3.76 | |
| ntp | ntp | 4.3.77 | |
| ntp | ntp | 4.3.78 | |
| ntp | ntp | 4.3.79 | |
| ntp | ntp | 4.3.80 | |
| ntp | ntp | 4.3.81 | |
| ntp | ntp | 4.3.82 | |
| ntp | ntp | 4.3.83 | |
| ntp | ntp | 4.3.84 | |
| ntp | ntp | 4.3.85 | |
| ntp | ntp | 4.3.86 | |
| ntp | ntp | 4.3.87 | |
| ntp | ntp | 4.3.88 | |
| ntp | ntp | 4.3.89 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:p5:*:*:*:*:*:*",
"matchCriteriaId": "99442254-E77A-43F7-8A9B-FC918AC336A6",
"versionEndIncluding": "4.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B23D9009-DF45-44C1-80DF-CEEC9B9E3F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43921601-667E-4415-83BE-E5B39D969BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75DD9C02-0C46-4785-8D77-C5465E4ED967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A497BADE-0516-494F-89FA-EAFC6AD17F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4298439A-EAF2-4CAA-990B-4AA37E7A0E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "30E9C822-C04A-4908-9596-76F9FB561206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "121ED6C5-8985-4DEF-9040-2AC63582E596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "68499DA4-64EF-412F-A434-8E0F78D77CE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "836C5AC9-463F-4703-81B9-7B5484F47A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FED14811-8F49-4796-BADD-DB7973EC32DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D4EB2830-ADE5-4C87-964E-16748BF88EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8C0284FD-2933-4160-80D2-53B32CD73287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D9AB963A-7284-433F-9890-5AE402E4E000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "EEDEFF7A-D964-4D9A-93BF-41E9D16EA793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9C434153-911C-4F07-ADD0-0EAB47F96E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8183B043-8B96-4A8B-A5C9-544D4F1CED8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE349AB-44CB-4263-80CE-59DFD572B363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB55DF6-567F-4B6A-81E1-9013914416D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "80727B0B-AB5E-46CC-9DDF-F319C2D9B242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "E0755962-2D5F-41E6-9BDB-C2ECBCCD2818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBAADB5-FA32-4CF9-A4B2-51EEA300B0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A202FDAD-D757-4850-9D1E-C31B0F3BA718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A345D7-DFC0-4E0D-AAAB-8206C35F63D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*",
"matchCriteriaId": "C4069EF5-DC7D-4487-8636-AC2EAB17BAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*",
"matchCriteriaId": "73DF3A5C-F1D9-468E-BD08-5E2578898DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*",
"matchCriteriaId": "0858AE44-4B0A-4941-B4A8-937B557D1448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*",
"matchCriteriaId": "979C84FF-CB21-4819-B3CA-1A55FDF20BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*",
"matchCriteriaId": "94709B39-C394-4B44-A362-9429F4CB9D50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2E4526AC-6BCC-43A5-B501-263D0ED0655B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*",
"matchCriteriaId": "E04FF6B4-CD1C-4AC1-B286-D6AB705D680B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAFA0C8-1349-43A4-BDAC-3B5A601B9FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA130B1-DD20-4E98-963F-61E85A09E29E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*",
"matchCriteriaId": "9AAC9B73-5020-47C9-803E-ABB6162AADE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A6B7B5-3AC9-4442-BD91-3783C2B4235C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*",
"matchCriteriaId": "D72F5C09-520B-486C-AD9A-9CBBFE6487CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*",
"matchCriteriaId": "097DED37-D3F3-45C4-B131-1C4294406722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*",
"matchCriteriaId": "85A4F607-0A9D-4F84-B50D-28C54E6EDC06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*",
"matchCriteriaId": "8C689CAF-632A-4FF2-8C86-541EEDD574E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*",
"matchCriteriaId": "7B0ACF5B-BBA9-4B6C-B19D-B8AEF7212781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*",
"matchCriteriaId": "E09C8254-73DC-4AFA-A250-A8192DC917F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*",
"matchCriteriaId": "D344FA12-3C5F-418B-9209-EA8BDD230074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*",
"matchCriteriaId": "D1C3A62A-C6F6-4B2E-A254-CDA12BD34DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*",
"matchCriteriaId": "073A0AFF-C5C6-422E-BD63-2353AA4B58E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*",
"matchCriteriaId": "59B5DA29-4139-405D-8AA8-23FAECBBC5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*",
"matchCriteriaId": "73F4D15D-6D2A-4730-B7CF-21284E92FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*",
"matchCriteriaId": "79A0C6AB-813F-4417-A98E-33FBB7AAB939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "815ABF0E-ED94-4426-8889-D3C2AECACC26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*",
"matchCriteriaId": "894612F1-8C51-4F66-AFE7-D8077F63E562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*",
"matchCriteriaId": "63FD3D1E-08F8-4C7F-876C-47E88386B83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*",
"matchCriteriaId": "9C068E27-A3DD-4FD2-81FB-2CFEC3C047CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*",
"matchCriteriaId": "E21A12E6-0802-4BDC-AF71-50D7D0433B87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7EE44A-7D8B-41A5-82A6-04AEE50278CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*",
"matchCriteriaId": "6862529A-1AE5-4E2D-A4B0-E351D1900C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*",
"matchCriteriaId": "4C6B6711-0F75-4FEA-8917-04391FC9D378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC0249C-3CFC-4CD3-9481-9F6BE1FC5E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE639D9-0B1E-4DFB-B275-D11665FDA4AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*",
"matchCriteriaId": "B35E9C41-0F2A-4790-B996-8EC00FA863F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*",
"matchCriteriaId": "28BAB268-3A70-4422-9C6C-49E6453D750D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*",
"matchCriteriaId": "9A5960F1-DDA9-4885-952F-450EC00B5C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*",
"matchCriteriaId": "E725D449-BBC2-40E3-BF53-D9BF7B4F57D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*",
"matchCriteriaId": "B10975CB-56EB-44D0-BDEF-60484B6BD85E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE56C0F-0AF4-45CF-ACA2-0E583BBB3187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*",
"matchCriteriaId": "16A4A1AC-ED08-4EFE-A826-1BB1B5CAB34E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*",
"matchCriteriaId": "BF9D7AD6-6BDB-4519-B9F8-3181E21850FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*",
"matchCriteriaId": "B061FF9A-0D00-429D-9B2F-14EEA41E7A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CB0260-2A96-41A8-81A0-8E9722B22D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*",
"matchCriteriaId": "AE037065-9E33-4A5A-8188-1F086D7BE394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*",
"matchCriteriaId": "70200031-5902-416D-A140-DC2CDFDAF683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*",
"matchCriteriaId": "575C5F15-2C16-4B39-A718-1641DDD88F84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*",
"matchCriteriaId": "9E7BFD7E-9B3F-4D63-BEBC-16F22DA6F8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*",
"matchCriteriaId": "42631437-772B-45E0-A1F3-5D9E2FC77D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*",
"matchCriteriaId": "CA9E62EF-E21F-421F-9A57-54A551CEC441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*",
"matchCriteriaId": "871E046E-013A-4E10-9457-4D1F407519EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E4B06F-AD55-4D61-B966-B38B854C0A75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*",
"matchCriteriaId": "19817731-42C2-4745-88F2-D27258FC7DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*",
"matchCriteriaId": "77479EEE-F81B-4653-8FAD-0AFBA3C71B09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*",
"matchCriteriaId": "0208619E-9179-46D9-8E47-6CB5B4046DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*",
"matchCriteriaId": "6FBAE2A2-B7CB-45F6-A84C-5B9B742A0B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC16904-03FC-42B2-89F0-CA0D59A5FB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*",
"matchCriteriaId": "4E3980D1-54F1-4C2F-B140-B2F18D8958A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*",
"matchCriteriaId": "0C845718-520A-42CB-9BA7-00723694A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB7BF51-DD1A-41E1-B5E5-02A6BADC30DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*",
"matchCriteriaId": "431DA557-0977-43C2-8DEF-127B1BAA9F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*",
"matchCriteriaId": "733C0A5D-3A0A-4449-9DE0-BD06D4942799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E5DAD5-465A-4A53-856A-1F674723EB00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash)."
},
{
"lang": "es",
"value": "La funci\u00f3n nextvar en NTP en versiones anteriores a 4.2.8p6 y 4.3.x en versiones anteriores a 4.3.90 no valida correctamente la longitud de su entrada, lo que permite a un atacante provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n)."
}
],
"id": "CVE-2015-7975",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-30T21:59:00.253",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2937"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/81959"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"source": "cve@mitre.org",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"source": "cve@mitre.org",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"source": "cve@mitre.org",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2937"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/81959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-06 21:59
Modified
2025-05-23 02:15
Severity ?
Summary
An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/77275 | Broken Link | |
| cve@mitre.org | http://www.securitytracker.com/id/1033951 | Broken Link | |
| cve@mitre.org | http://www.talosintelligence.com/reports/TALOS-2015-0052/ | Exploit, Technical Description, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://security.gentoo.org/glsa/201607-15 | Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20171004-0001/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/77275 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033951 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.talosintelligence.com/reports/TALOS-2015-0052/ | Exploit, Technical Description, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201607-15 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20171004-0001/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netapp | clustered_data_ontap | - | |
| netapp | data_ontap_operating_in_7-mode | - | |
| netapp | oncommand_balance | - | |
| netapp | oncommand_performance_manager | - | |
| netapp | oncommand_unified_manager | - | |
| ntp | ntp | * | |
| ntp | ntp | * | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:data_ontap_operating_in_7-mode:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBCB6368-4881-4A3B-9C6D-935371644CD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "212E1878-1B9A-4CB4-A1CE-EAD60B867161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*",
"matchCriteriaId": "95B173E0-1475-4F8D-A982-86F36BE3DD4A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "010160B1-E1C9-4C9F-8FBB-E67667E758C6",
"versionEndExcluding": "4.2.8",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79494F07-6081-497D-8A2D-B05486599EAE",
"versionEndExcluding": "4.3.77",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash."
},
{
"lang": "es",
"value": "Puede ocurrir un desbordamiento de entero en NTP-dev.4.3.70 que conduce a una operaci\u00f3n de copia de memoria fuera de l\u00edmites cuando se procesa un paquete de modo privado especialmente manipulado. El paquete manipulado necesita tener el c\u00f3digo correcto de autenticaci\u00f3n de mensajes y un timestamp valido. Cuando es procesado por el daemon NTP, conduce a un bloqueo inmediato."
}
],
"id": "CVE-2015-7848",
"lastModified": "2025-05-23T02:15:39.010",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-06T21:59:00.243",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/77275"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2015-0052/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/77275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2015-0052/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-13 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion."
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:p8:*:*:*:*:*:*",
"matchCriteriaId": "72A23255-B135-4A4C-A2BA-A93026C0F520",
"versionEndIncluding": "4.2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a \"root distance that did not include the peer dispersion.\""
},
{
"lang": "es",
"value": "NTP en versiones anteriores a 4.2.8p9 no realiza adecuadamente los c\u00e1lculos de sincronizaci\u00f3n inicial, lo que permite a atacantes remotos un impacto no especificado a trav\u00e9s de vectores desconocidos, relacionado con una \"distancia de ra\u00edz que no inclu\u00eda la dispersi\u00f3n de pares\"."
}
],
"id": "CVE-2016-7433",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-13T16:59:00.510",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3067"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"source": "cve@mitre.org",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-en"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/539955/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/540254/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/archive/1/540254/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/94455"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1037354"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-3349-1"
},
{
"source": "cve@mitre.org",
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMSYVQMMF37MANYEO7KBHOPSC74EKGN/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PABKEYX6ABBFJZGMXKH57X756EJUDS3C/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5E3XBBCK5IXOLDAH2E4M3QKIYIHUMMP/"
},
{
"source": "cve@mitre.org",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"source": "cve@mitre.org",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"source": "cve@mitre.org",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227"
},
{
"source": "cve@mitre.org",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/539955/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/540254/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/archive/1/540254/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/94455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-3349-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMSYVQMMF37MANYEO7KBHOPSC74EKGN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PABKEYX6ABBFJZGMXKH57X756EJUDS3C/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5E3XBBCK5IXOLDAH2E4M3QKIYIHUMMP/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-682"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-06 20:29
Modified
2025-01-14 19:29
Severity ?
Summary
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| synology | router_manager | 1.1 | |
| synology | skynas | - | |
| synology | virtual_diskstation_manager | - | |
| synology | diskstation_manager | 5.2 | |
| synology | diskstation_manager | 6.0 | |
| synology | diskstation_manager | 6.1 | |
| synology | vs960hd_firmware | - | |
| slackware | slackware_linux | 14.0 | |
| slackware | slackware_linux | 14.1 | |
| slackware | slackware_linux | 14.2 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 17.10 | |
| canonical | ubuntu_linux | 18.04 | |
| netapp | cloud_backup | - | |
| netapp | steelstore_cloud_integrated_storage | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*",
"matchCriteriaId": "0BC62D4E-D519-458C-BE4E-10DDB73A97D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
"matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*",
"matchCriteriaId": "75A9AA28-1B20-44BB-815C-7294A53E910E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
"matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
"matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*",
"matchCriteriaId": "F12E4CF5-536C-416B-AD8D-6AE7CBE22C71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*",
"matchCriteriaId": "EE002C76-406D-4F22-B738-E17BDEA70BCC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synology:router_manager:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "46261C28-E276-4639-BA3D-A735B02599F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C997777-BE79-4F77-90D7-E1A71D474D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:synology:virtual_diskstation_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5342AD6-8273-4215-BA0F-1457A628DB14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "01527614-8A68-48DC-B0A0-F4AA99489221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "65372FA7-B54B-4298-99BF-483E9FEBA253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:synology:diskstation_manager:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D04EA1A-F8E0-415B-8786-1C8C0F08E132",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D0C5120-B961-440F-B454-584BC54B549C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "936EF68B-2A93-402C-BED4-20E6EDB2F102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B46F08-93A8-49D9-AC5D-43E19C062FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D65ED7B3-FD80-4D2B-B11D-AAABB34C49CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the \"received\" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704."
},
{
"lang": "es",
"value": "ntpd en ntp, en versiones 4.2.8p4 anteriores a la 4.2.8p11, env\u00eda paquetes malos antes de actualizar la marca de tiempo \"received\". Esto permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (interrupci\u00f3n) mediante el env\u00edo de un paquete con una marca de tiempo zero-origin que provoca que la asociaci\u00f3n se restablezca y establezca el contenido del paquete como la marca de tiempo m\u00e1s reciente. Este problema es el resultado de una soluci\u00f3n incompleta para CVE-2015-7704."
}
],
"id": "CVE-2018-7184",
"lastModified": "2025-01-14T19:29:55.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-06T20:29:01.437",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3453"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103192"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201805-12"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
},
{
"source": "cve@mitre.org",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3707-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201805-12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3707-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-27 17:59
Modified
2025-04-20 01:37
Severity ?
Summary
Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.3.0 | |
| ntp | ntp | 4.3.1 | |
| ntp | ntp | 4.3.2 | |
| ntp | ntp | 4.3.3 | |
| ntp | ntp | 4.3.4 | |
| ntp | ntp | 4.3.5 | |
| ntp | ntp | 4.3.6 | |
| ntp | ntp | 4.3.7 | |
| ntp | ntp | 4.3.8 | |
| ntp | ntp | 4.3.9 | |
| ntp | ntp | 4.3.10 | |
| ntp | ntp | 4.3.11 | |
| ntp | ntp | 4.3.12 | |
| ntp | ntp | 4.3.13 | |
| ntp | ntp | 4.3.14 | |
| ntp | ntp | 4.3.15 | |
| ntp | ntp | 4.3.16 | |
| ntp | ntp | 4.3.17 | |
| ntp | ntp | 4.3.18 | |
| ntp | ntp | 4.3.19 | |
| ntp | ntp | 4.3.20 | |
| ntp | ntp | 4.3.21 | |
| ntp | ntp | 4.3.22 | |
| ntp | ntp | 4.3.23 | |
| ntp | ntp | 4.3.24 | |
| ntp | ntp | 4.3.25 | |
| ntp | ntp | 4.3.26 | |
| ntp | ntp | 4.3.27 | |
| ntp | ntp | 4.3.28 | |
| ntp | ntp | 4.3.29 | |
| ntp | ntp | 4.3.30 | |
| ntp | ntp | 4.3.31 | |
| ntp | ntp | 4.3.32 | |
| ntp | ntp | 4.3.33 | |
| ntp | ntp | 4.3.34 | |
| ntp | ntp | 4.3.35 | |
| ntp | ntp | 4.3.36 | |
| ntp | ntp | 4.3.37 | |
| ntp | ntp | 4.3.38 | |
| ntp | ntp | 4.3.39 | |
| ntp | ntp | 4.3.40 | |
| ntp | ntp | 4.3.41 | |
| ntp | ntp | 4.3.42 | |
| ntp | ntp | 4.3.43 | |
| ntp | ntp | 4.3.44 | |
| ntp | ntp | 4.3.45 | |
| ntp | ntp | 4.3.46 | |
| ntp | ntp | 4.3.47 | |
| ntp | ntp | 4.3.48 | |
| ntp | ntp | 4.3.49 | |
| ntp | ntp | 4.3.50 | |
| ntp | ntp | 4.3.51 | |
| ntp | ntp | 4.3.52 | |
| ntp | ntp | 4.3.53 | |
| ntp | ntp | 4.3.54 | |
| ntp | ntp | 4.3.55 | |
| ntp | ntp | 4.3.56 | |
| ntp | ntp | 4.3.57 | |
| ntp | ntp | 4.3.58 | |
| ntp | ntp | 4.3.59 | |
| ntp | ntp | 4.3.60 | |
| ntp | ntp | 4.3.61 | |
| ntp | ntp | 4.3.62 | |
| ntp | ntp | 4.3.63 | |
| ntp | ntp | 4.3.64 | |
| ntp | ntp | 4.3.65 | |
| ntp | ntp | 4.3.66 | |
| ntp | ntp | 4.3.67 | |
| ntp | ntp | 4.3.68 | |
| ntp | ntp | 4.3.69 | |
| ntp | ntp | 4.3.70 | |
| ntp | ntp | 4.3.71 | |
| ntp | ntp | 4.3.72 | |
| ntp | ntp | 4.3.73 | |
| ntp | ntp | 4.3.74 | |
| ntp | ntp | 4.3.75 | |
| ntp | ntp | 4.3.76 | |
| ntp | ntp | 4.3.77 | |
| ntp | ntp | 4.3.78 | |
| ntp | ntp | 4.3.79 | |
| ntp | ntp | 4.3.80 | |
| ntp | ntp | 4.3.81 | |
| ntp | ntp | 4.3.82 | |
| ntp | ntp | 4.3.83 | |
| ntp | ntp | 4.3.84 | |
| ntp | ntp | 4.3.85 | |
| ntp | ntp | 4.3.86 | |
| ntp | ntp | 4.3.87 | |
| ntp | ntp | 4.3.88 | |
| ntp | ntp | 4.3.89 | |
| ntp | ntp | 4.3.90 | |
| ntp | ntp | 4.3.91 | |
| ntp | ntp | 4.3.92 | |
| ntp | ntp | 4.3.93 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*",
"matchCriteriaId": "EE002C76-406D-4F22-B738-E17BDEA70BCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B23D9009-DF45-44C1-80DF-CEEC9B9E3F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43921601-667E-4415-83BE-E5B39D969BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75DD9C02-0C46-4785-8D77-C5465E4ED967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A497BADE-0516-494F-89FA-EAFC6AD17F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4298439A-EAF2-4CAA-990B-4AA37E7A0E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "30E9C822-C04A-4908-9596-76F9FB561206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "842963D1-C78C-48B5-A8D2-BC018854E5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "121ED6C5-8985-4DEF-9040-2AC63582E596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "68499DA4-64EF-412F-A434-8E0F78D77CE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "836C5AC9-463F-4703-81B9-7B5484F47A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FED14811-8F49-4796-BADD-DB7973EC32DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D4EB2830-ADE5-4C87-964E-16748BF88EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8C0284FD-2933-4160-80D2-53B32CD73287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D9AB963A-7284-433F-9890-5AE402E4E000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "EEDEFF7A-D964-4D9A-93BF-41E9D16EA793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9C434153-911C-4F07-ADD0-0EAB47F96E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8183B043-8B96-4A8B-A5C9-544D4F1CED8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE349AB-44CB-4263-80CE-59DFD572B363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB55DF6-567F-4B6A-81E1-9013914416D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "80727B0B-AB5E-46CC-9DDF-F319C2D9B242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "E0755962-2D5F-41E6-9BDB-C2ECBCCD2818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBAADB5-FA32-4CF9-A4B2-51EEA300B0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A202FDAD-D757-4850-9D1E-C31B0F3BA718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A345D7-DFC0-4E0D-AAAB-8206C35F63D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*",
"matchCriteriaId": "C4069EF5-DC7D-4487-8636-AC2EAB17BAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*",
"matchCriteriaId": "73DF3A5C-F1D9-468E-BD08-5E2578898DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*",
"matchCriteriaId": "0858AE44-4B0A-4941-B4A8-937B557D1448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*",
"matchCriteriaId": "979C84FF-CB21-4819-B3CA-1A55FDF20BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*",
"matchCriteriaId": "94709B39-C394-4B44-A362-9429F4CB9D50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2E4526AC-6BCC-43A5-B501-263D0ED0655B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*",
"matchCriteriaId": "E04FF6B4-CD1C-4AC1-B286-D6AB705D680B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAFA0C8-1349-43A4-BDAC-3B5A601B9FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA130B1-DD20-4E98-963F-61E85A09E29E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*",
"matchCriteriaId": "9AAC9B73-5020-47C9-803E-ABB6162AADE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A6B7B5-3AC9-4442-BD91-3783C2B4235C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*",
"matchCriteriaId": "D72F5C09-520B-486C-AD9A-9CBBFE6487CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*",
"matchCriteriaId": "097DED37-D3F3-45C4-B131-1C4294406722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*",
"matchCriteriaId": "85A4F607-0A9D-4F84-B50D-28C54E6EDC06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*",
"matchCriteriaId": "8C689CAF-632A-4FF2-8C86-541EEDD574E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*",
"matchCriteriaId": "7B0ACF5B-BBA9-4B6C-B19D-B8AEF7212781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*",
"matchCriteriaId": "E09C8254-73DC-4AFA-A250-A8192DC917F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*",
"matchCriteriaId": "D344FA12-3C5F-418B-9209-EA8BDD230074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*",
"matchCriteriaId": "D1C3A62A-C6F6-4B2E-A254-CDA12BD34DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*",
"matchCriteriaId": "073A0AFF-C5C6-422E-BD63-2353AA4B58E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*",
"matchCriteriaId": "59B5DA29-4139-405D-8AA8-23FAECBBC5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*",
"matchCriteriaId": "73F4D15D-6D2A-4730-B7CF-21284E92FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*",
"matchCriteriaId": "79A0C6AB-813F-4417-A98E-33FBB7AAB939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "815ABF0E-ED94-4426-8889-D3C2AECACC26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*",
"matchCriteriaId": "894612F1-8C51-4F66-AFE7-D8077F63E562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*",
"matchCriteriaId": "63FD3D1E-08F8-4C7F-876C-47E88386B83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*",
"matchCriteriaId": "9C068E27-A3DD-4FD2-81FB-2CFEC3C047CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*",
"matchCriteriaId": "E21A12E6-0802-4BDC-AF71-50D7D0433B87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7EE44A-7D8B-41A5-82A6-04AEE50278CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*",
"matchCriteriaId": "6862529A-1AE5-4E2D-A4B0-E351D1900C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*",
"matchCriteriaId": "4C6B6711-0F75-4FEA-8917-04391FC9D378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC0249C-3CFC-4CD3-9481-9F6BE1FC5E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE639D9-0B1E-4DFB-B275-D11665FDA4AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*",
"matchCriteriaId": "B35E9C41-0F2A-4790-B996-8EC00FA863F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*",
"matchCriteriaId": "28BAB268-3A70-4422-9C6C-49E6453D750D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*",
"matchCriteriaId": "9A5960F1-DDA9-4885-952F-450EC00B5C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*",
"matchCriteriaId": "E725D449-BBC2-40E3-BF53-D9BF7B4F57D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*",
"matchCriteriaId": "B10975CB-56EB-44D0-BDEF-60484B6BD85E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE56C0F-0AF4-45CF-ACA2-0E583BBB3187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*",
"matchCriteriaId": "16A4A1AC-ED08-4EFE-A826-1BB1B5CAB34E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*",
"matchCriteriaId": "BF9D7AD6-6BDB-4519-B9F8-3181E21850FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*",
"matchCriteriaId": "B061FF9A-0D00-429D-9B2F-14EEA41E7A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CB0260-2A96-41A8-81A0-8E9722B22D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*",
"matchCriteriaId": "AE037065-9E33-4A5A-8188-1F086D7BE394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*",
"matchCriteriaId": "70200031-5902-416D-A140-DC2CDFDAF683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*",
"matchCriteriaId": "575C5F15-2C16-4B39-A718-1641DDD88F84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*",
"matchCriteriaId": "9E7BFD7E-9B3F-4D63-BEBC-16F22DA6F8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*",
"matchCriteriaId": "42631437-772B-45E0-A1F3-5D9E2FC77D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*",
"matchCriteriaId": "CA9E62EF-E21F-421F-9A57-54A551CEC441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*",
"matchCriteriaId": "871E046E-013A-4E10-9457-4D1F407519EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E4B06F-AD55-4D61-B966-B38B854C0A75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*",
"matchCriteriaId": "19817731-42C2-4745-88F2-D27258FC7DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*",
"matchCriteriaId": "77479EEE-F81B-4653-8FAD-0AFBA3C71B09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*",
"matchCriteriaId": "0208619E-9179-46D9-8E47-6CB5B4046DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*",
"matchCriteriaId": "6FBAE2A2-B7CB-45F6-A84C-5B9B742A0B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC16904-03FC-42B2-89F0-CA0D59A5FB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*",
"matchCriteriaId": "4E3980D1-54F1-4C2F-B140-B2F18D8958A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*",
"matchCriteriaId": "0C845718-520A-42CB-9BA7-00723694A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB7BF51-DD1A-41E1-B5E5-02A6BADC30DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*",
"matchCriteriaId": "431DA557-0977-43C2-8DEF-127B1BAA9F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*",
"matchCriteriaId": "733C0A5D-3A0A-4449-9DE0-BD06D4942799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E5DAD5-465A-4A53-856A-1F674723EB00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.90:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FE37F4-C8E6-42CC-A799-563637F6B85A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.91:*:*:*:*:*:*:*",
"matchCriteriaId": "72F9DD05-E521-45D3-994E-0400DA0070BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.92:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DA733E-A2BB-4F72-BE9A-AF1ADD1881A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.93:*:*:*:*:*:*:*",
"matchCriteriaId": "816E4E2B-7E33-49A0-85E1-EF1755F6BB45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en el instalador de Windows para NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 permite a usuarios locales tener un impacto no especificado a trav\u00e9s de una ruta de la aplicaci\u00f3n en la l\u00ednea de comandos."
}
],
"id": "CVE-2017-6452",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-27T17:59:00.557",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3383"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97078"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1039427"
},
{
"source": "cve@mitre.org",
"url": "https://support.apple.com/HT208144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1039427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT208144"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-13 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*",
"matchCriteriaId": "F12E4CF5-536C-416B-AD8D-6AE7CBE22C71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression."
},
{
"lang": "es",
"value": "NTP en versiones anteriores a 4.2.8p9 permite a atacantes remotos eludir el mecanismo de protecci\u00f3n de la marca de tiempo de origen a trav\u00e9s de una marca de tiempo de origen de cero. NOTA: esta vulnerabilidad existe debido a una regresi\u00f3n de CVE-2015-8138."
}
],
"id": "CVE-2016-7431",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-13T16:59:00.467",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/140240/FreeBSD-Security-Advisory-FreeBSD-SA-16.39.ntp.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3102"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"source": "cve@mitre.org",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-en"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/539955/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/540254/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/archive/1/540254/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/94454"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1037354"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-3349-1"
},
{
"source": "cve@mitre.org",
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"source": "cve@mitre.org",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"source": "cve@mitre.org",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03883en_us"
},
{
"source": "cve@mitre.org",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03899en_us"
},
{
"source": "cve@mitre.org",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03883en_us"
},
{
"source": "cve@mitre.org",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03899en_us"
},
{
"source": "cve@mitre.org",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"source": "cve@mitre.org",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-223/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/140240/FreeBSD-Security-Advisory-FreeBSD-SA-16.39.ntp.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/539955/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/540254/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/archive/1/540254/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/94454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-3349-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03883en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03899en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03883en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03899en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-223/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-06 21:59
Modified
2025-04-20 01:37
Severity ?
Summary
An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:p4:*:*:*:*:*:*",
"matchCriteriaId": "05D076CA-85DD-48B4-9A8A-F413FFBFB55F",
"versionEndIncluding": "4.2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled."
},
{
"lang": "es",
"value": "Un atacante fuera de ruta puede provocar que una asociaci\u00f3n de clientes preventiva sea desmovilizada en NTP 4.2.8p4 y versiones anteriores y NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 enviando un paquete NAK encriptado a un cliente v\u00edctima con una direcci\u00f3n fuente suplantada de un asociado existente. Esto es cierto incluso si la autenticaci\u00f3n est\u00e1 habilitada."
}
],
"id": "CVE-2016-1547",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-06T21:59:00.320",
"references": [
{
"source": "cret@cert.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"source": "cret@cert.org",
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"source": "cret@cert.org",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "cret@cert.org",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/88276"
},
{
"source": "cret@cert.org",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"source": "cret@cert.org",
"tags": [
"Mitigation",
"Technical Description",
"Third Party Advisory"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0081/"
},
{
"source": "cret@cert.org",
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"source": "cret@cert.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"source": "cret@cert.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"source": "cret@cert.org",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"source": "cret@cert.org",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cret@cert.org",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"source": "cret@cert.org",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"source": "cret@cert.org",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/88276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Technical Description",
"Third Party Advisory"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0081/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-07 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | * | |
| ntp | ntp | * | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.2.8 | |
| netapp | oncommand_performance_manager | - | |
| netapp | oncommand_unified_manager | - | |
| netapp | clustered_data_ontap | - | |
| netapp | data_ontap | - | |
| citrix | xenserver | 6.0.2 | |
| citrix | xenserver | 6.2.0 | |
| citrix | xenserver | 6.5 | |
| citrix | xenserver | 7.0 | |
| siemens | tim_4r-ie_firmware | * | |
| siemens | tim_4r-ie | - | |
| siemens | tim_4r-ie_dnp3_firmware | * | |
| siemens | tim_4r-ie_dnp3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C240BAAB-8C12-4501-9DC6-FB877304E908",
"versionEndExcluding": "4.2.8",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79494F07-6081-497D-8A2D-B05486599EAE",
"versionEndExcluding": "4.3.77",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "212E1878-1B9A-4CB4-A1CE-EAD60B867161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*",
"matchCriteriaId": "95B173E0-1475-4F8D-A982-86F36BE3DD4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FED6CAE-D97F-49E0-9D00-1642A3A427B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:*",
"matchCriteriaId": "392A1364-2739-450D-9E19-DFF93081C2C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5FCF191B-971A-4945-AB14-08091689BE2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenserver:6.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F31DB577-72CD-49CC-8AF5-23098503939E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenserver:6.5:-:*:*:*:*:*:*",
"matchCriteriaId": "3CC06F6C-6C15-444F-B159-235D347E5929",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "405F950F-0772-41A3-8B72-B67151CC1376",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:tim_4r-ie_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0730ED6-676B-4200-BC07-C0B4531B242C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:tim_4r-ie:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B87B16C-9E9F-448B-9255-B2BB2B8CAD63",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:tim_4r-ie_dnp3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E16E82E3-9A85-41A4-8A33-12AE45A1B584",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:tim_4r-ie_dnp3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE27728D-D37B-43FC-BA8A-0E930DDBD10B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests."
},
{
"lang": "es",
"value": "La funcionalidad de limitaci\u00f3n de velocidad en NTP 4.x en versiones anteriores a la 4.2.8p4 y 4.3.x en versiones anteriores a la 4.3.77 permite que atacantes remotos provoquen errores sin especificar empleando un gran n\u00famero de peticiones manipuladas."
}
],
"id": "CVE-2015-7705",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-07T20:29:00.730",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2901"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_4_2_8p4_Securit"
},
{
"source": "cve@mitre.org",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/536737/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/536796/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/archive/1/536737/100/100/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/archive/1/536796/100/100/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77284"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2783-1"
},
{
"source": "cve@mitre.org",
"url": "https://bto.bluecoat.com/security-advisory/sa103"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274184"
},
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Technical Description"
],
"url": "https://eprint.iacr.org/2015/1020.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.citrix.com/article/CTX220112"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"source": "cve@mitre.org",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"source": "cve@mitre.org",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_4_2_8p4_Securit"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/536737/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/536796/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/archive/1/536737/100/100/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/archive/1/536796/100/100/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2783-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bto.bluecoat.com/security-advisory/sa103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description"
],
"url": "https://eprint.iacr.org/2015/1020.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.citrix.com/article/CTX220112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-27 17:59
Modified
2025-04-20 01:37
Severity ?
Summary
Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.3.0 | |
| ntp | ntp | 4.3.1 | |
| ntp | ntp | 4.3.2 | |
| ntp | ntp | 4.3.3 | |
| ntp | ntp | 4.3.4 | |
| ntp | ntp | 4.3.5 | |
| ntp | ntp | 4.3.6 | |
| ntp | ntp | 4.3.7 | |
| ntp | ntp | 4.3.8 | |
| ntp | ntp | 4.3.9 | |
| ntp | ntp | 4.3.10 | |
| ntp | ntp | 4.3.11 | |
| ntp | ntp | 4.3.12 | |
| ntp | ntp | 4.3.13 | |
| ntp | ntp | 4.3.14 | |
| ntp | ntp | 4.3.15 | |
| ntp | ntp | 4.3.16 | |
| ntp | ntp | 4.3.17 | |
| ntp | ntp | 4.3.18 | |
| ntp | ntp | 4.3.19 | |
| ntp | ntp | 4.3.20 | |
| ntp | ntp | 4.3.21 | |
| ntp | ntp | 4.3.22 | |
| ntp | ntp | 4.3.23 | |
| ntp | ntp | 4.3.24 | |
| ntp | ntp | 4.3.25 | |
| ntp | ntp | 4.3.26 | |
| ntp | ntp | 4.3.27 | |
| ntp | ntp | 4.3.28 | |
| ntp | ntp | 4.3.29 | |
| ntp | ntp | 4.3.30 | |
| ntp | ntp | 4.3.31 | |
| ntp | ntp | 4.3.32 | |
| ntp | ntp | 4.3.33 | |
| ntp | ntp | 4.3.34 | |
| ntp | ntp | 4.3.35 | |
| ntp | ntp | 4.3.36 | |
| ntp | ntp | 4.3.37 | |
| ntp | ntp | 4.3.38 | |
| ntp | ntp | 4.3.39 | |
| ntp | ntp | 4.3.40 | |
| ntp | ntp | 4.3.41 | |
| ntp | ntp | 4.3.42 | |
| ntp | ntp | 4.3.43 | |
| ntp | ntp | 4.3.44 | |
| ntp | ntp | 4.3.45 | |
| ntp | ntp | 4.3.46 | |
| ntp | ntp | 4.3.47 | |
| ntp | ntp | 4.3.48 | |
| ntp | ntp | 4.3.49 | |
| ntp | ntp | 4.3.50 | |
| ntp | ntp | 4.3.51 | |
| ntp | ntp | 4.3.52 | |
| ntp | ntp | 4.3.53 | |
| ntp | ntp | 4.3.54 | |
| ntp | ntp | 4.3.55 | |
| ntp | ntp | 4.3.56 | |
| ntp | ntp | 4.3.57 | |
| ntp | ntp | 4.3.58 | |
| ntp | ntp | 4.3.59 | |
| ntp | ntp | 4.3.60 | |
| ntp | ntp | 4.3.61 | |
| ntp | ntp | 4.3.62 | |
| ntp | ntp | 4.3.63 | |
| ntp | ntp | 4.3.64 | |
| ntp | ntp | 4.3.65 | |
| ntp | ntp | 4.3.66 | |
| ntp | ntp | 4.3.67 | |
| ntp | ntp | 4.3.68 | |
| ntp | ntp | 4.3.69 | |
| ntp | ntp | 4.3.70 | |
| ntp | ntp | 4.3.71 | |
| ntp | ntp | 4.3.72 | |
| ntp | ntp | 4.3.73 | |
| ntp | ntp | 4.3.74 | |
| ntp | ntp | 4.3.75 | |
| ntp | ntp | 4.3.76 | |
| ntp | ntp | 4.3.77 | |
| ntp | ntp | 4.3.78 | |
| ntp | ntp | 4.3.79 | |
| ntp | ntp | 4.3.80 | |
| ntp | ntp | 4.3.81 | |
| ntp | ntp | 4.3.82 | |
| ntp | ntp | 4.3.83 | |
| ntp | ntp | 4.3.84 | |
| ntp | ntp | 4.3.85 | |
| ntp | ntp | 4.3.86 | |
| ntp | ntp | 4.3.87 | |
| ntp | ntp | 4.3.88 | |
| ntp | ntp | 4.3.89 | |
| ntp | ntp | 4.3.90 | |
| ntp | ntp | 4.3.91 | |
| ntp | ntp | 4.3.92 | |
| ntp | ntp | 4.3.93 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*",
"matchCriteriaId": "EE002C76-406D-4F22-B738-E17BDEA70BCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B23D9009-DF45-44C1-80DF-CEEC9B9E3F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43921601-667E-4415-83BE-E5B39D969BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75DD9C02-0C46-4785-8D77-C5465E4ED967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A497BADE-0516-494F-89FA-EAFC6AD17F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4298439A-EAF2-4CAA-990B-4AA37E7A0E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "30E9C822-C04A-4908-9596-76F9FB561206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "842963D1-C78C-48B5-A8D2-BC018854E5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "121ED6C5-8985-4DEF-9040-2AC63582E596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "68499DA4-64EF-412F-A434-8E0F78D77CE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "836C5AC9-463F-4703-81B9-7B5484F47A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FED14811-8F49-4796-BADD-DB7973EC32DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D4EB2830-ADE5-4C87-964E-16748BF88EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8C0284FD-2933-4160-80D2-53B32CD73287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D9AB963A-7284-433F-9890-5AE402E4E000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "EEDEFF7A-D964-4D9A-93BF-41E9D16EA793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9C434153-911C-4F07-ADD0-0EAB47F96E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8183B043-8B96-4A8B-A5C9-544D4F1CED8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE349AB-44CB-4263-80CE-59DFD572B363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB55DF6-567F-4B6A-81E1-9013914416D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "80727B0B-AB5E-46CC-9DDF-F319C2D9B242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "E0755962-2D5F-41E6-9BDB-C2ECBCCD2818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBAADB5-FA32-4CF9-A4B2-51EEA300B0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A202FDAD-D757-4850-9D1E-C31B0F3BA718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A345D7-DFC0-4E0D-AAAB-8206C35F63D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*",
"matchCriteriaId": "C4069EF5-DC7D-4487-8636-AC2EAB17BAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*",
"matchCriteriaId": "73DF3A5C-F1D9-468E-BD08-5E2578898DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*",
"matchCriteriaId": "0858AE44-4B0A-4941-B4A8-937B557D1448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*",
"matchCriteriaId": "979C84FF-CB21-4819-B3CA-1A55FDF20BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*",
"matchCriteriaId": "94709B39-C394-4B44-A362-9429F4CB9D50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2E4526AC-6BCC-43A5-B501-263D0ED0655B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*",
"matchCriteriaId": "E04FF6B4-CD1C-4AC1-B286-D6AB705D680B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAFA0C8-1349-43A4-BDAC-3B5A601B9FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA130B1-DD20-4E98-963F-61E85A09E29E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*",
"matchCriteriaId": "9AAC9B73-5020-47C9-803E-ABB6162AADE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A6B7B5-3AC9-4442-BD91-3783C2B4235C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*",
"matchCriteriaId": "D72F5C09-520B-486C-AD9A-9CBBFE6487CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*",
"matchCriteriaId": "097DED37-D3F3-45C4-B131-1C4294406722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*",
"matchCriteriaId": "85A4F607-0A9D-4F84-B50D-28C54E6EDC06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*",
"matchCriteriaId": "8C689CAF-632A-4FF2-8C86-541EEDD574E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*",
"matchCriteriaId": "7B0ACF5B-BBA9-4B6C-B19D-B8AEF7212781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*",
"matchCriteriaId": "E09C8254-73DC-4AFA-A250-A8192DC917F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*",
"matchCriteriaId": "D344FA12-3C5F-418B-9209-EA8BDD230074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*",
"matchCriteriaId": "D1C3A62A-C6F6-4B2E-A254-CDA12BD34DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*",
"matchCriteriaId": "073A0AFF-C5C6-422E-BD63-2353AA4B58E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*",
"matchCriteriaId": "59B5DA29-4139-405D-8AA8-23FAECBBC5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*",
"matchCriteriaId": "73F4D15D-6D2A-4730-B7CF-21284E92FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*",
"matchCriteriaId": "79A0C6AB-813F-4417-A98E-33FBB7AAB939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "815ABF0E-ED94-4426-8889-D3C2AECACC26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*",
"matchCriteriaId": "894612F1-8C51-4F66-AFE7-D8077F63E562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*",
"matchCriteriaId": "63FD3D1E-08F8-4C7F-876C-47E88386B83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*",
"matchCriteriaId": "9C068E27-A3DD-4FD2-81FB-2CFEC3C047CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*",
"matchCriteriaId": "E21A12E6-0802-4BDC-AF71-50D7D0433B87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7EE44A-7D8B-41A5-82A6-04AEE50278CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*",
"matchCriteriaId": "6862529A-1AE5-4E2D-A4B0-E351D1900C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*",
"matchCriteriaId": "4C6B6711-0F75-4FEA-8917-04391FC9D378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC0249C-3CFC-4CD3-9481-9F6BE1FC5E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE639D9-0B1E-4DFB-B275-D11665FDA4AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*",
"matchCriteriaId": "B35E9C41-0F2A-4790-B996-8EC00FA863F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*",
"matchCriteriaId": "28BAB268-3A70-4422-9C6C-49E6453D750D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*",
"matchCriteriaId": "9A5960F1-DDA9-4885-952F-450EC00B5C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*",
"matchCriteriaId": "E725D449-BBC2-40E3-BF53-D9BF7B4F57D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*",
"matchCriteriaId": "B10975CB-56EB-44D0-BDEF-60484B6BD85E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE56C0F-0AF4-45CF-ACA2-0E583BBB3187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*",
"matchCriteriaId": "16A4A1AC-ED08-4EFE-A826-1BB1B5CAB34E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*",
"matchCriteriaId": "BF9D7AD6-6BDB-4519-B9F8-3181E21850FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*",
"matchCriteriaId": "B061FF9A-0D00-429D-9B2F-14EEA41E7A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CB0260-2A96-41A8-81A0-8E9722B22D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*",
"matchCriteriaId": "AE037065-9E33-4A5A-8188-1F086D7BE394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*",
"matchCriteriaId": "70200031-5902-416D-A140-DC2CDFDAF683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*",
"matchCriteriaId": "575C5F15-2C16-4B39-A718-1641DDD88F84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*",
"matchCriteriaId": "9E7BFD7E-9B3F-4D63-BEBC-16F22DA6F8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*",
"matchCriteriaId": "42631437-772B-45E0-A1F3-5D9E2FC77D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*",
"matchCriteriaId": "CA9E62EF-E21F-421F-9A57-54A551CEC441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*",
"matchCriteriaId": "871E046E-013A-4E10-9457-4D1F407519EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E4B06F-AD55-4D61-B966-B38B854C0A75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*",
"matchCriteriaId": "19817731-42C2-4745-88F2-D27258FC7DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*",
"matchCriteriaId": "77479EEE-F81B-4653-8FAD-0AFBA3C71B09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*",
"matchCriteriaId": "0208619E-9179-46D9-8E47-6CB5B4046DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*",
"matchCriteriaId": "6FBAE2A2-B7CB-45F6-A84C-5B9B742A0B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC16904-03FC-42B2-89F0-CA0D59A5FB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*",
"matchCriteriaId": "4E3980D1-54F1-4C2F-B140-B2F18D8958A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*",
"matchCriteriaId": "0C845718-520A-42CB-9BA7-00723694A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB7BF51-DD1A-41E1-B5E5-02A6BADC30DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*",
"matchCriteriaId": "431DA557-0977-43C2-8DEF-127B1BAA9F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*",
"matchCriteriaId": "733C0A5D-3A0A-4449-9DE0-BD06D4942799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E5DAD5-465A-4A53-856A-1F674723EB00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.90:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FE37F4-C8E6-42CC-A799-563637F6B85A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.91:*:*:*:*:*:*:*",
"matchCriteriaId": "72F9DD05-E521-45D3-994E-0400DA0070BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.92:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DA733E-A2BB-4F72-BE9A-AF1ADD1881A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.93:*:*:*:*:*:*:*",
"matchCriteriaId": "816E4E2B-7E33-49A0-85E1-EF1755F6BB45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n reslist en ntpq en NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 permite a servidores remotos tener un impacto no especificado a trav\u00e9s de una variable flagstr larga en una respuesta de lista de restricciones."
}
],
"id": "CVE-2017-6460",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-27T17:59:00.697",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3377"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97052"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"source": "cve@mitre.org",
"url": "https://security.paloaltonetworks.com/CVE-2017-6460"
},
{
"source": "cve@mitre.org",
"url": "https://support.apple.com/HT208144"
},
{
"source": "cve@mitre.org",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.paloaltonetworks.com/CVE-2017-6460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT208144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-21 14:29
Modified
2025-04-20 01:37
Severity ?
Summary
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | fedora | 21 | |
| fedoraproject | fedora | 22 | |
| fedoraproject | fedora | 23 | |
| suse | linux_enterprise_debuginfo | 11 | |
| suse | linux_enterprise_debuginfo | 11 | |
| suse | linux_enterprise_server | 10 | |
| suse | linux_enterprise_server | 11 | |
| suse | linux_enterprise_server | 11 | |
| suse | manager | 2.1 | |
| suse | manager_proxy | 2.1 | |
| suse | openstack_cloud | 5 | |
| redhat | enterprise_linux_desktop | 6.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_hpc_node | 6.0 | |
| redhat | enterprise_linux_hpc_node | 7.0 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_workstation | 6.0 | |
| redhat | enterprise_linux_workstation | 7.0 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 15.04 | |
| canonical | ubuntu_linux | 15.10 | |
| ntp | ntp | * | |
| novell | leap | 42.2 | |
| opensuse | leap | 42.1 | |
| siemens | tim_4r-ie_firmware | * | |
| siemens | tim_4r-ie | - | |
| siemens | tim_4r-id_dnp3_firmware | * | |
| siemens | tim_4r-id_dnp3 | - | |
| oracle | linux | 6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
"matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
"matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D5900A25-FDD7-4900-BF7C-F3ECCB714D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*",
"matchCriteriaId": "58D3B6FD-B474-4B09-B644-A8634A629280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*",
"matchCriteriaId": "35BBD83D-BDC7-4678-BE94-639F59281139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
"matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
"matchCriteriaId": "B12243B2-D726-404C-ABFF-F1AB51BA1783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:manager:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2A33B9F5-E0D1-4A3E-9FFB-5602A25F3227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:manager_proxy:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53F0F5A0-70D9-4305-A834-B6FF71E27B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:openstack_cloud:5:*:*:*:*:*:*:*",
"matchCriteriaId": "88BCD7DC-0FEF-477D-8698-F8D8F1A49D90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:p355:*:*:*:*:*:*",
"matchCriteriaId": "07FBDFE4-D886-4461-A360-480F50BD12C7",
"versionEndIncluding": "4.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:novell:leap:42.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A64AAD2D-38ED-4BA2-A27A-A2716F28D43A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:tim_4r-ie_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0730ED6-676B-4200-BC07-C0B4531B242C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:tim_4r-ie:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B87B16C-9E9F-448B-9255-B2BB2B8CAD63",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:tim_4r-id_dnp3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8851DB6-6B63-4D78-A100-50F81B4DF75B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:tim_4r-id_dnp3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A8AC343-6F4F-4CAF-BD09-F8F1D2F6DBB0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
"matchCriteriaId": "D7B037A8-72A6-4DFF-94B2-D688A5F6F876",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet."
},
{
"lang": "es",
"value": "La funci\u00f3n ULOGTOD en el archivo ntp.d en SNTP en versiones anteriores a la 4.2.7p366 no realiza apropiadamente las conversiones de tipo de un valor de precisi\u00f3n a uno doble, lo que permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito) por medio de un paquete NTP creado."
}
],
"id": "CVE-2015-5219",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-21T14:29:00.867",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=51786731Gr4-NOrTBC_a_uXO4wuGhg"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/25/3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/76473"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2783-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255118"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099409"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=51786731Gr4-NOrTBC_a_uXO4wuGhg"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/25/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/76473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2783-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099409"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-704"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-27 17:59
Modified
2025-04-20 01:37
Severity ?
Summary
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ntp | ntp | 4.2.8 | |
| ntp | ntp | 4.3.0 | |
| ntp | ntp | 4.3.1 | |
| ntp | ntp | 4.3.2 | |
| ntp | ntp | 4.3.3 | |
| ntp | ntp | 4.3.4 | |
| ntp | ntp | 4.3.5 | |
| ntp | ntp | 4.3.6 | |
| ntp | ntp | 4.3.7 | |
| ntp | ntp | 4.3.8 | |
| ntp | ntp | 4.3.9 | |
| ntp | ntp | 4.3.10 | |
| ntp | ntp | 4.3.11 | |
| ntp | ntp | 4.3.12 | |
| ntp | ntp | 4.3.13 | |
| ntp | ntp | 4.3.14 | |
| ntp | ntp | 4.3.15 | |
| ntp | ntp | 4.3.16 | |
| ntp | ntp | 4.3.17 | |
| ntp | ntp | 4.3.18 | |
| ntp | ntp | 4.3.19 | |
| ntp | ntp | 4.3.20 | |
| ntp | ntp | 4.3.21 | |
| ntp | ntp | 4.3.22 | |
| ntp | ntp | 4.3.23 | |
| ntp | ntp | 4.3.24 | |
| ntp | ntp | 4.3.25 | |
| ntp | ntp | 4.3.26 | |
| ntp | ntp | 4.3.27 | |
| ntp | ntp | 4.3.28 | |
| ntp | ntp | 4.3.29 | |
| ntp | ntp | 4.3.30 | |
| ntp | ntp | 4.3.31 | |
| ntp | ntp | 4.3.32 | |
| ntp | ntp | 4.3.33 | |
| ntp | ntp | 4.3.34 | |
| ntp | ntp | 4.3.35 | |
| ntp | ntp | 4.3.36 | |
| ntp | ntp | 4.3.37 | |
| ntp | ntp | 4.3.38 | |
| ntp | ntp | 4.3.39 | |
| ntp | ntp | 4.3.40 | |
| ntp | ntp | 4.3.41 | |
| ntp | ntp | 4.3.42 | |
| ntp | ntp | 4.3.43 | |
| ntp | ntp | 4.3.44 | |
| ntp | ntp | 4.3.45 | |
| ntp | ntp | 4.3.46 | |
| ntp | ntp | 4.3.47 | |
| ntp | ntp | 4.3.48 | |
| ntp | ntp | 4.3.49 | |
| ntp | ntp | 4.3.50 | |
| ntp | ntp | 4.3.51 | |
| ntp | ntp | 4.3.52 | |
| ntp | ntp | 4.3.53 | |
| ntp | ntp | 4.3.54 | |
| ntp | ntp | 4.3.55 | |
| ntp | ntp | 4.3.56 | |
| ntp | ntp | 4.3.57 | |
| ntp | ntp | 4.3.58 | |
| ntp | ntp | 4.3.59 | |
| ntp | ntp | 4.3.60 | |
| ntp | ntp | 4.3.61 | |
| ntp | ntp | 4.3.62 | |
| ntp | ntp | 4.3.63 | |
| ntp | ntp | 4.3.64 | |
| ntp | ntp | 4.3.65 | |
| ntp | ntp | 4.3.66 | |
| ntp | ntp | 4.3.67 | |
| ntp | ntp | 4.3.68 | |
| ntp | ntp | 4.3.69 | |
| ntp | ntp | 4.3.70 | |
| ntp | ntp | 4.3.71 | |
| ntp | ntp | 4.3.72 | |
| ntp | ntp | 4.3.73 | |
| ntp | ntp | 4.3.74 | |
| ntp | ntp | 4.3.75 | |
| ntp | ntp | 4.3.76 | |
| ntp | ntp | 4.3.77 | |
| ntp | ntp | 4.3.78 | |
| ntp | ntp | 4.3.79 | |
| ntp | ntp | 4.3.80 | |
| ntp | ntp | 4.3.81 | |
| ntp | ntp | 4.3.82 | |
| ntp | ntp | 4.3.83 | |
| ntp | ntp | 4.3.84 | |
| ntp | ntp | 4.3.85 | |
| ntp | ntp | 4.3.86 | |
| ntp | ntp | 4.3.87 | |
| ntp | ntp | 4.3.88 | |
| ntp | ntp | 4.3.89 | |
| ntp | ntp | 4.3.90 | |
| ntp | ntp | 4.3.91 | |
| ntp | ntp | 4.3.92 | |
| ntp | ntp | 4.3.93 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*",
"matchCriteriaId": "EE002C76-406D-4F22-B738-E17BDEA70BCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B23D9009-DF45-44C1-80DF-CEEC9B9E3F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43921601-667E-4415-83BE-E5B39D969BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75DD9C02-0C46-4785-8D77-C5465E4ED967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A497BADE-0516-494F-89FA-EAFC6AD17F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4298439A-EAF2-4CAA-990B-4AA37E7A0E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "30E9C822-C04A-4908-9596-76F9FB561206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "842963D1-C78C-48B5-A8D2-BC018854E5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "121ED6C5-8985-4DEF-9040-2AC63582E596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "68499DA4-64EF-412F-A434-8E0F78D77CE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "836C5AC9-463F-4703-81B9-7B5484F47A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FED14811-8F49-4796-BADD-DB7973EC32DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D4EB2830-ADE5-4C87-964E-16748BF88EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8C0284FD-2933-4160-80D2-53B32CD73287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D9AB963A-7284-433F-9890-5AE402E4E000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "EEDEFF7A-D964-4D9A-93BF-41E9D16EA793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9C434153-911C-4F07-ADD0-0EAB47F96E89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8183B043-8B96-4A8B-A5C9-544D4F1CED8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE349AB-44CB-4263-80CE-59DFD572B363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB55DF6-567F-4B6A-81E1-9013914416D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "80727B0B-AB5E-46CC-9DDF-F319C2D9B242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "E0755962-2D5F-41E6-9BDB-C2ECBCCD2818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*",
"matchCriteriaId": "2EBAADB5-FA32-4CF9-A4B2-51EEA300B0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*",
"matchCriteriaId": "A202FDAD-D757-4850-9D1E-C31B0F3BA718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A345D7-DFC0-4E0D-AAAB-8206C35F63D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*",
"matchCriteriaId": "C4069EF5-DC7D-4487-8636-AC2EAB17BAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*",
"matchCriteriaId": "73DF3A5C-F1D9-468E-BD08-5E2578898DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*",
"matchCriteriaId": "0858AE44-4B0A-4941-B4A8-937B557D1448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*",
"matchCriteriaId": "979C84FF-CB21-4819-B3CA-1A55FDF20BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*",
"matchCriteriaId": "94709B39-C394-4B44-A362-9429F4CB9D50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2E4526AC-6BCC-43A5-B501-263D0ED0655B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*",
"matchCriteriaId": "E04FF6B4-CD1C-4AC1-B286-D6AB705D680B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAFA0C8-1349-43A4-BDAC-3B5A601B9FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA130B1-DD20-4E98-963F-61E85A09E29E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*",
"matchCriteriaId": "9AAC9B73-5020-47C9-803E-ABB6162AADE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A6B7B5-3AC9-4442-BD91-3783C2B4235C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*",
"matchCriteriaId": "D72F5C09-520B-486C-AD9A-9CBBFE6487CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*",
"matchCriteriaId": "097DED37-D3F3-45C4-B131-1C4294406722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*",
"matchCriteriaId": "85A4F607-0A9D-4F84-B50D-28C54E6EDC06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*",
"matchCriteriaId": "8C689CAF-632A-4FF2-8C86-541EEDD574E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*",
"matchCriteriaId": "7B0ACF5B-BBA9-4B6C-B19D-B8AEF7212781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*",
"matchCriteriaId": "E09C8254-73DC-4AFA-A250-A8192DC917F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*",
"matchCriteriaId": "D344FA12-3C5F-418B-9209-EA8BDD230074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*",
"matchCriteriaId": "D1C3A62A-C6F6-4B2E-A254-CDA12BD34DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*",
"matchCriteriaId": "073A0AFF-C5C6-422E-BD63-2353AA4B58E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*",
"matchCriteriaId": "59B5DA29-4139-405D-8AA8-23FAECBBC5CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*",
"matchCriteriaId": "73F4D15D-6D2A-4730-B7CF-21284E92FEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*",
"matchCriteriaId": "79A0C6AB-813F-4417-A98E-33FBB7AAB939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*",
"matchCriteriaId": "815ABF0E-ED94-4426-8889-D3C2AECACC26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*",
"matchCriteriaId": "894612F1-8C51-4F66-AFE7-D8077F63E562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*",
"matchCriteriaId": "63FD3D1E-08F8-4C7F-876C-47E88386B83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*",
"matchCriteriaId": "9C068E27-A3DD-4FD2-81FB-2CFEC3C047CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*",
"matchCriteriaId": "E21A12E6-0802-4BDC-AF71-50D7D0433B87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7EE44A-7D8B-41A5-82A6-04AEE50278CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*",
"matchCriteriaId": "6862529A-1AE5-4E2D-A4B0-E351D1900C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*",
"matchCriteriaId": "4C6B6711-0F75-4FEA-8917-04391FC9D378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC0249C-3CFC-4CD3-9481-9F6BE1FC5E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE639D9-0B1E-4DFB-B275-D11665FDA4AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*",
"matchCriteriaId": "B35E9C41-0F2A-4790-B996-8EC00FA863F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*",
"matchCriteriaId": "28BAB268-3A70-4422-9C6C-49E6453D750D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*",
"matchCriteriaId": "9A5960F1-DDA9-4885-952F-450EC00B5C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*",
"matchCriteriaId": "E725D449-BBC2-40E3-BF53-D9BF7B4F57D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*",
"matchCriteriaId": "B10975CB-56EB-44D0-BDEF-60484B6BD85E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE56C0F-0AF4-45CF-ACA2-0E583BBB3187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*",
"matchCriteriaId": "16A4A1AC-ED08-4EFE-A826-1BB1B5CAB34E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*",
"matchCriteriaId": "BF9D7AD6-6BDB-4519-B9F8-3181E21850FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*",
"matchCriteriaId": "B061FF9A-0D00-429D-9B2F-14EEA41E7A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CB0260-2A96-41A8-81A0-8E9722B22D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*",
"matchCriteriaId": "AE037065-9E33-4A5A-8188-1F086D7BE394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*",
"matchCriteriaId": "70200031-5902-416D-A140-DC2CDFDAF683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*",
"matchCriteriaId": "575C5F15-2C16-4B39-A718-1641DDD88F84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*",
"matchCriteriaId": "9E7BFD7E-9B3F-4D63-BEBC-16F22DA6F8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*",
"matchCriteriaId": "42631437-772B-45E0-A1F3-5D9E2FC77D19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*",
"matchCriteriaId": "CA9E62EF-E21F-421F-9A57-54A551CEC441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*",
"matchCriteriaId": "871E046E-013A-4E10-9457-4D1F407519EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E4B06F-AD55-4D61-B966-B38B854C0A75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*",
"matchCriteriaId": "19817731-42C2-4745-88F2-D27258FC7DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*",
"matchCriteriaId": "77479EEE-F81B-4653-8FAD-0AFBA3C71B09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*",
"matchCriteriaId": "0208619E-9179-46D9-8E47-6CB5B4046DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*",
"matchCriteriaId": "6FBAE2A2-B7CB-45F6-A84C-5B9B742A0B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC16904-03FC-42B2-89F0-CA0D59A5FB91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*",
"matchCriteriaId": "4E3980D1-54F1-4C2F-B140-B2F18D8958A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*",
"matchCriteriaId": "0C845718-520A-42CB-9BA7-00723694A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB7BF51-DD1A-41E1-B5E5-02A6BADC30DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*",
"matchCriteriaId": "431DA557-0977-43C2-8DEF-127B1BAA9F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*",
"matchCriteriaId": "733C0A5D-3A0A-4449-9DE0-BD06D4942799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E5DAD5-465A-4A53-856A-1F674723EB00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.90:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FE37F4-C8E6-42CC-A799-563637F6B85A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.91:*:*:*:*:*:*:*",
"matchCriteriaId": "72F9DD05-E521-45D3-994E-0400DA0070BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.92:*:*:*:*:*:*:*",
"matchCriteriaId": "B5DA733E-A2BB-4F72-BE9A-AF1ADD1881A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.3.93:*:*:*:*:*:*:*",
"matchCriteriaId": "816E4E2B-7E33-49A0-85E1-EF1755F6BB45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive."
},
{
"lang": "es",
"value": "NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda ntpd) a trav\u00e9s de una directiva de configuraci\u00f3n de modo mal formado."
}
],
"id": "CVE-2017-6464",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-27T17:59:00.807",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3389"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97050"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2017:3071"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2018:0855"
},
{
"source": "cve@mitre.org",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
},
{
"source": "cve@mitre.org",
"url": "https://support.apple.com/HT208144"
},
{
"source": "cve@mitre.org",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3389"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2017:3071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2018:0855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT208144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-17 04:15
Modified
2025-05-05 17:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E63507D-C475-4379-85A5-185F19BEDCEE",
"versionEndIncluding": "4.2.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCEB0CC2-6D54-4206-87DA-24ABA3C4867F",
"versionEndExcluding": "4.3.100",
"versionStartIncluding": "4.3.98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*",
"matchCriteriaId": "EEA51D83-5841-4335-AF07-7A43C118CAAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*",
"matchCriteriaId": "C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*",
"matchCriteriaId": "49ADE0C3-F75C-4EC0-8805-56013F0EB92C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*",
"matchCriteriaId": "D8FF625A-EFA3-43D1-8698-4A37AE31A07C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*",
"matchCriteriaId": "E3B99BBD-97FE-4615-905A-A614592226F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*",
"matchCriteriaId": "E7A9AD3A-F030-4331-B52A-518BD963AB8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*",
"matchCriteriaId": "C293B8BE-6691-4944-BCD6-25EB98CABC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "CEA650F8-2576-494A-A861-61572CA319D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "4ED21EE8-7CBF-4BC5-BFC3-185D41296238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*",
"matchCriteriaId": "0BC62D4E-D519-458C-BE4E-10DDB73A97D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p11:*:*:*:*:*:*",
"matchCriteriaId": "1C420117-862A-41A9-BAE8-8B3478FAEBC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p12:*:*:*:*:*:*",
"matchCriteriaId": "4A484251-3220-498C-83FE-A04B013A31A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p13:*:*:*:*:*:*",
"matchCriteriaId": "E0CE4157-852B-42ED-A77C-8A17B189432E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*",
"matchCriteriaId": "C76A0B44-13DE-4173-8D05-DA54F6A71759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "1450241C-2F6D-4122-B33C-D78D065BA403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "721AFD22-91D3-488E-A5E6-DD84C86E412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*",
"matchCriteriaId": "41E44E9F-6383-4E12-AEDC-B653FEA77A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "466D9A37-2658-4695-9429-0C6BF4A631C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*",
"matchCriteriaId": "99774181-5F12-446C-AC2C-DB1C52295EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*",
"matchCriteriaId": "4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*",
"matchCriteriaId": "99C71C00-7222-483B-AEFB-159337BD3C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*",
"matchCriteriaId": "75A9AA28-1B20-44BB-815C-7294A53E910E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*",
"matchCriteriaId": "8C213794-111D-41F3-916C-AD97F731D600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*",
"matchCriteriaId": "50811A7B-0379-4437-8737-B4C1ACBC9EFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*",
"matchCriteriaId": "F12E4CF5-536C-416B-AD8D-6AE7CBE22C71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*",
"matchCriteriaId": "EE002C76-406D-4F22-B738-E17BDEA70BCC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*",
"matchCriteriaId": "6C2ACC32-5147-4EA5-95BE-B6B4EAB3D82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13270F58-E106-48CE-9933-E68AABBBFC21",
"versionStartIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:vsphere:*:*",
"matchCriteriaId": "A81C8303-BB94-4D35-9823-44385C375F67",
"versionStartIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vsphere:*:*",
"matchCriteriaId": "066C2961-E9C4-418E-82AF-1A7C35D5C085",
"versionStartIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FED6CAE-D97F-49E0-9D00-1642A3A427B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:hci_storage_node_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BC4299D-05D3-4875-BC79-C3DC02C88ECE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02DEB4FB-A21D-4CB1-B522-EEE5093E8521",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:fabric-attached_storage_8300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "299AD352-A486-44A7-8507-FB3C3311BB37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:fabric-attached_storage_8300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E89C80-A70B-48A3-A076-D9F031C25D1C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:fabric-attached_storage_8700_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE584D20-5B46-42B9-B87D-5F4771CED73F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:fabric-attached_storage_8700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF9B5939-68D6-47E1-AFCA-F709F46136C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:fabric-attached_storage_a400_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BA5679F-B7F4-482B-92B3-52121124829F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:fabric-attached_storage_a400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02F063AC-FC82-45E4-A977-243FB3569904",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:all_flash_fabric-attached_storage_8300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5753F36-9BB4-47FF-806C-D1C77E8AD0F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:all_flash_fabric-attached_storage_8300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA68733C-FB68-4230-B237-C99AC979AD90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:all_flash_fabric-attached_storage_8700_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A0F881B-5A23-42F7-8A6B-02BDD10A74DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:all_flash_fabric-attached_storage_8700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "049791FD-C7CE-43E0-8B7B-363B49B40D4A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:all_flash_fabric-attached_storage_a400_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64532D9C-EE55-4C70-B230-54C9C20536FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:all_flash_fabric-attached_storage_a400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2527D2C3-EDA7-4B8A-82AB-A4F20C731E2D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp."
},
{
"lang": "es",
"value": "ntpd en ntp versiones anteriores a 4.2.8p14 y versiones 4.3.x anteriores a 4.3.100, permite a un atacante fuera de ruta bloquear una sincronizaci\u00f3n no autenticada por medio de un paquete en modo server con una direcci\u00f3n IP de origen falsificado, porque las transmisiones son reprogramados aun cuando un paquete carece de una marca de tiempo de origen valido."
}
],
"id": "CVE-2020-11868",
"lastModified": "2025-05-05T17:15:57.667",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "cve@mitre.org",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2020-04-17T04:15:10.987",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3592"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1716665"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-12"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200424-0002/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1716665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200424-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-346"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-346"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CVE-2015-7979 (GCVE-0-2015-7979)
Vulnerability from cvelistv5
Published
2017-01-30 21:00
Modified
2024-08-06 08:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:31.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "SUSE-SU-2016:1177",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:1141",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "1034782",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "SUSE-SU-2016:1247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "RHSA-2016:1552",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"name": "FEDORA-2016-8bb1932088",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html"
},
{
"name": "RHSA-2016:2583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"name": "SUSE-SU-2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "81816",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/81816"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security"
},
{
"name": "FEDORA-2016-34bc10a2c8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "SUSE-SU-2016:1175",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"name": "FreeBSD-SA-16:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-15T20:21:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "SUSE-SU-2016:1177",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:1141",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "1034782",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "SUSE-SU-2016:1247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "RHSA-2016:1552",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"name": "FEDORA-2016-8bb1932088",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html"
},
{
"name": "RHSA-2016:2583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"name": "SUSE-SU-2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "81816",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/81816"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security"
},
{
"name": "FEDORA-2016-34bc10a2c8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "SUSE-SU-2016:1175",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"name": "FreeBSD-SA-16:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "USN-3096-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "SUSE-SU-2016:1177",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"name": "DSA-3629",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:1141",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"name": "SUSE-SU-2016:1912",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "1034782",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "SUSE-SU-2016:1247",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "RHSA-2016:1552",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"name": "FEDORA-2016-8bb1932088",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html"
},
{
"name": "RHSA-2016:2583",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171031-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"name": "SUSE-SU-2016:1311",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "81816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/81816"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security"
},
{
"name": "FEDORA-2016-34bc10a2c8",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
},
{
"name": "SUSE-SU-2016:2094",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "SUSE-SU-2016:1175",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"name": "FreeBSD-SA-16:09",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa113",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7979",
"datePublished": "2017-01-30T21:00:00",
"dateReserved": "2015-10-23T00:00:00",
"dateUpdated": "2024-08-06T08:06:31.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7704 (GCVE-0-2015-7704)
Vulnerability from cvelistv5
Published
2017-08-07 20:00
Modified
2024-08-06 07:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271070"
},
{
"name": "RHSA-2015:1930",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1930.html"
},
{
"name": "77280",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77280"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2901"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX220112"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_4_2_8p4_Securit"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://eprint.iacr.org/2015/1020.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839"
},
{
"name": "RHSA-2015:2520",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2520.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2901"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted \"KOD\" messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T16:55:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271070"
},
{
"name": "RHSA-2015:1930",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1930.html"
},
{
"name": "77280",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77280"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2901"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX220112"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_4_2_8p4_Securit"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://eprint.iacr.org/2015/1020.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839"
},
{
"name": "RHSA-2015:2520",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2520.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2901"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted \"KOD\" messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1271070",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271070"
},
{
"name": "RHSA-2015:1930",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1930.html"
},
{
"name": "77280",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77280"
},
{
"name": "VU#718152",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "http://bugs.ntp.org/show_bug.cgi?id=2901",
"refsource": "CONFIRM",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2901"
},
{
"name": "https://support.citrix.com/article/CTX220112",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX220112"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "1033951",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_4_2_8p4_Securit",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_4_2_8p4_Securit"
},
{
"name": "DSA-3388",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "https://www.cs.bu.edu/~goldbe/NTPattack.html",
"refsource": "MISC",
"url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
},
{
"name": "https://eprint.iacr.org/2015/1020.pdf",
"refsource": "MISC",
"url": "https://eprint.iacr.org/2015/1020.pdf"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839"
},
{
"name": "RHSA-2015:2520",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2520.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug2901",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug2901"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284"
},
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7704",
"datePublished": "2017-08-07T20:00:00",
"dateReserved": "2015-10-04T00:00:00",
"dateUpdated": "2024-08-06T07:58:59.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15025 (GCVE-0-2020-15025)
Vulnerability from cvelistv5
Published
2020-06-24 18:04
Modified
2024-08-04 13:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:00:52.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.ntp.org/bin/view/Main/NtpBug3661"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.gentoo.org/729458"
},
{
"name": "openSUSE-SU-2020:0934",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"name": "openSUSE-SU-2020:1007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
},
{
"name": "GLSA-202007-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-12"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200702-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:H/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T14:42:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.ntp.org/bin/view/Main/NtpBug3661"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.gentoo.org/729458"
},
{
"name": "openSUSE-SU-2020:0934",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"name": "openSUSE-SU-2020:1007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
},
{
"name": "GLSA-202007-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-12"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200702-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:H/S:U/UI:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea",
"refsource": "MISC",
"url": "https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea"
},
{
"name": "https://support.ntp.org/bin/view/Main/NtpBug3661",
"refsource": "MISC",
"url": "https://support.ntp.org/bin/view/Main/NtpBug3661"
},
{
"name": "https://bugs.gentoo.org/729458",
"refsource": "MISC",
"url": "https://bugs.gentoo.org/729458"
},
{
"name": "openSUSE-SU-2020:0934",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"name": "openSUSE-SU-2020:1007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
},
{
"name": "GLSA-202007-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-12"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200702-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200702-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15025",
"datePublished": "2020-06-24T18:04:39",
"dateReserved": "2020-06-24T00:00:00",
"dateUpdated": "2024-08-04T13:00:52.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8138 (GCVE-0-2015-8138)
Vulnerability from cvelistv5
Published
2017-01-30 21:00
Modified
2024-08-06 08:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:31.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "SUSE-SU-2016:1177",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "1034782",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "SUSE-SU-2016:1247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "RHSA-2016:0063",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0063.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"name": "FEDORA-2016-8bb1932088",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"name": "SUSE-SU-2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"name": "20161123 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security"
},
{
"name": "FEDORA-2016-34bc10a2c8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "SUSE-SU-2016:1175",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"name": "81811",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/81811"
},
{
"name": "FreeBSD-SA-16:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T17:23:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "SUSE-SU-2016:1177",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "1034782",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "SUSE-SU-2016:1247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "RHSA-2016:0063",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0063.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"name": "FEDORA-2016-8bb1932088",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"name": "SUSE-SU-2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"name": "20161123 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security"
},
{
"name": "FEDORA-2016-34bc10a2c8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "SUSE-SU-2016:1175",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"name": "81811",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/81811"
},
{
"name": "FreeBSD-SA-16:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "USN-3096-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "SUSE-SU-2016:1177",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"name": "DSA-3629",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"name": "SUSE-SU-2016:1912",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "1034782",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "SUSE-SU-2016:1247",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "RHSA-2016:0063",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0063.html"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"name": "FEDORA-2016-8bb1932088",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171031-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"name": "SUSE-SU-2016:1311",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"name": "20161123 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security"
},
{
"name": "FEDORA-2016-34bc10a2c8",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
},
{
"name": "SUSE-SU-2016:2094",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "SUSE-SU-2016:1175",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"name": "81811",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/81811"
},
{
"name": "FreeBSD-SA-16:09",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa113",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8138",
"datePublished": "2017-01-30T21:00:00",
"dateReserved": "2015-11-13T00:00:00",
"dateUpdated": "2024-08-06T08:13:31.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7701 (GCVE-0-2015-7701)
Vulnerability from cvelistv5
Published
2017-08-07 20:00
Modified
2024-08-06 07:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2909"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:2583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "RHSA-2016:0780",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "77281",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77281"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274255"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-17T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2909"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:2583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "RHSA-2016:0780",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "77281",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77281"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274255"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug2909",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug2909"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:2583",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "1033951",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "RHSA-2016:0780",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"name": "DSA-3388",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "77281",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77281"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1274255",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274255"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7701",
"datePublished": "2017-08-07T20:00:00",
"dateReserved": "2015-10-04T00:00:00",
"dateUpdated": "2024-08-06T07:58:59.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7978 (GCVE-0-2015-7978)
Vulnerability from cvelistv5
Published
2017-01-30 21:00
Modified
2024-08-06 08:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:31.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "SUSE-SU-2016:1177",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "1034782",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "SUSE-SU-2016:1247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "FEDORA-2016-8bb1932088",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html"
},
{
"name": "RHSA-2016:2583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"name": "SUSE-SU-2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "RHSA-2016:0780",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security"
},
{
"name": "FEDORA-2016-34bc10a2c8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "81962",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/81962"
},
{
"name": "SUSE-SU-2016:1175",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"name": "FreeBSD-SA-16:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-17T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "SUSE-SU-2016:1177",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "1034782",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "SUSE-SU-2016:1247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "FEDORA-2016-8bb1932088",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html"
},
{
"name": "RHSA-2016:2583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"name": "SUSE-SU-2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "RHSA-2016:0780",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security"
},
{
"name": "FEDORA-2016-34bc10a2c8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "81962",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/81962"
},
{
"name": "SUSE-SU-2016:1175",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"name": "FreeBSD-SA-16:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "USN-3096-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "SUSE-SU-2016:1177",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"name": "DSA-3629",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "SUSE-SU-2016:1912",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "1034782",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "SUSE-SU-2016:1247",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "FEDORA-2016-8bb1932088",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html"
},
{
"name": "RHSA-2016:2583",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171031-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"name": "SUSE-SU-2016:1311",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "RHSA-2016:0780",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security"
},
{
"name": "FEDORA-2016-34bc10a2c8",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
},
{
"name": "SUSE-SU-2016:2094",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "81962",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/81962"
},
{
"name": "SUSE-SU-2016:1175",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"name": "FreeBSD-SA-16:09",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa113",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7978",
"datePublished": "2017-01-30T21:00:00",
"dateReserved": "2015-10-23T00:00:00",
"dateUpdated": "2024-08-06T08:06:31.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9310 (GCVE-0-2016-9310)
Vulnerability from cvelistv5
Published
2017-01-13 16:00
Modified
2024-08-06 02:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:37.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3118"
},
{
"name": "USN-3707-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"name": "94452",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94452"
},
{
"name": "RHSA-2017:0252",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "VU#633847",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"name": "1037354",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037354"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us"
},
{
"name": "FreeBSD-SA-16:39",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-24T10:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3118"
},
{
"name": "USN-3707-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"name": "94452",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94452"
},
{
"name": "RHSA-2017:0252",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "VU#633847",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"name": "1037354",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037354"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us"
},
{
"name": "FreeBSD-SA-16:39",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3118",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3118"
},
{
"name": "USN-3707-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"name": "94452",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94452"
},
{
"name": "RHSA-2017:0252",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"name": "http://nwtime.org/ntp428p9_release/",
"refsource": "CONFIRM",
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "VU#633847",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"name": "1037354",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037354"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa139",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us"
},
{
"name": "FreeBSD-SA-16:39",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9310",
"datePublished": "2017-01-13T16:00:00",
"dateReserved": "2016-11-14T00:00:00",
"dateUpdated": "2024-08-06T02:50:37.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26554 (GCVE-0-2023-26554)
Vulnerability from cvelistv5
Published
2023-04-11 00:00
Modified
2025-02-11 15:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:54.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26554"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-26554",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T15:26:09.398238Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T15:26:14.067Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a \u0027\\0\u0027 character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-13T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26554"
},
{
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-26554",
"datePublished": "2023-04-11T00:00:00.000Z",
"dateReserved": "2023-02-25T00:00:00.000Z",
"dateUpdated": "2025-02-11T15:26:14.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7182 (GCVE-0-2018-7182)
Vulnerability from cvelistv5
Published
2018-03-06 20:00
Modified
2024-08-05 06:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:10.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "GLSA-201805-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201805-12"
},
{
"name": "FreeBSD-SA-18:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
},
{
"name": "20180301 [Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3412"
},
{
"name": "USN-3707-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3707-1/"
},
{
"name": "45846",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45846/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"name": "103191",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103191"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-31T18:06:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "GLSA-201805-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201805-12"
},
{
"name": "FreeBSD-SA-18:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
},
{
"name": "20180301 [Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3412"
},
{
"name": "USN-3707-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3707-1/"
},
{
"name": "45846",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45846/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"name": "103191",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103191"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "GLSA-201805-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201805-12"
},
{
"name": "FreeBSD-SA-18:02",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180626-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
},
{
"name": "20180301 [Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3412",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3412"
},
{
"name": "USN-3707-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3707-1/"
},
{
"name": "45846",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45846/"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_18_13",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"name": "103191",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103191"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7182",
"datePublished": "2018-03-06T20:00:00",
"dateReserved": "2018-02-16T00:00:00",
"dateUpdated": "2024-08-05T06:24:10.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4957 (GCVE-0-2016-4957)
Vulnerability from cvelistv5
Published
2016-07-05 01:00
Modified
2024-08-06 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2016:1602",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
},
{
"name": "openSUSE-SU-2016:1583",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
},
{
"name": "FreeBSD-SA-16:24",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.ntp.org/3046"
},
{
"name": "1036037",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036037"
},
{
"name": "SUSE-SU-2016:1584",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "VU#321640",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/321640"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "openSUSE-SU-2016:1636",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3046"
},
{
"name": "SUSE-SU-2016:1563",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-20T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SU-2016:1602",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
},
{
"name": "openSUSE-SU-2016:1583",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
},
{
"name": "FreeBSD-SA-16:24",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.ntp.org/3046"
},
{
"name": "1036037",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036037"
},
{
"name": "SUSE-SU-2016:1584",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "VU#321640",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/321640"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "openSUSE-SU-2016:1636",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3046"
},
{
"name": "SUSE-SU-2016:1563",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2016:1602",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
},
{
"name": "openSUSE-SU-2016:1583",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
},
{
"name": "FreeBSD-SA-16:24",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
},
{
"name": "http://bugs.ntp.org/3046",
"refsource": "CONFIRM",
"url": "http://bugs.ntp.org/3046"
},
{
"name": "1036037",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036037"
},
{
"name": "SUSE-SU-2016:1584",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "VU#321640",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/321640"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "openSUSE-SU-2016:1636",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3046",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3046"
},
{
"name": "SUSE-SU-2016:1563",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4957",
"datePublished": "2016-07-05T01:00:00",
"dateReserved": "2016-05-23T00:00:00",
"dateUpdated": "2024-08-06T00:46:40.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12327 (GCVE-0-2018-12327)
Vulnerability from cvelistv5
Published
2018-06-20 14:00
Modified
2024-08-05 08:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.728Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:3854",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3854"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011f"
},
{
"name": "104517",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104517"
},
{
"name": "44909",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44909/"
},
{
"name": "RHSA-2018:3853",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3853"
},
{
"name": "GLSA-201903-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-15"
},
{
"name": "RHSA-2019:2077",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2077"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"name": "USN-4229-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4229-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-09T20:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2018:3854",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3854"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011f"
},
{
"name": "104517",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104517"
},
{
"name": "44909",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44909/"
},
{
"name": "RHSA-2018:3853",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3853"
},
{
"name": "GLSA-201903-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201903-15"
},
{
"name": "RHSA-2019:2077",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2077"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"name": "USN-4229-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4229-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:3854",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3854"
},
{
"name": "https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011f",
"refsource": "MISC",
"url": "https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011f"
},
{
"name": "104517",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104517"
},
{
"name": "44909",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44909/"
},
{
"name": "RHSA-2018:3853",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3853"
},
{
"name": "GLSA-201903-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-15"
},
{
"name": "RHSA-2019:2077",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2077"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"name": "USN-4229-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4229-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12327",
"datePublished": "2018-06-20T14:00:00",
"dateReserved": "2018-06-13T00:00:00",
"dateUpdated": "2024-08-05T08:30:59.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8140 (GCVE-0-2015-8140)
Vulnerability from cvelistv5
Published
2017-01-30 21:00
Modified
2024-08-06 08:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:31.109Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "SUSE-SU-2016:1177",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"name": "1034782",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "SUSE-SU-2016:1247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "SUSE-SU-2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "SUSE-SU-2016:1175",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2947"
},
{
"name": "FreeBSD-SA-16:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200204-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-04T11:05:59",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "SUSE-SU-2016:1177",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"name": "1034782",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "SUSE-SU-2016:1247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "SUSE-SU-2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "SUSE-SU-2016:1175",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2947"
},
{
"name": "FreeBSD-SA-16:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200204-0003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "SUSE-SU-2016:1177",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"name": "1034782",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "SUSE-SU-2016:1247",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "SUSE-SU-2016:1311",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "SUSE-SU-2016:1175",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug2947",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug2947"
},
{
"name": "FreeBSD-SA-16:09",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa113",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200204-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200204-0003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8140",
"datePublished": "2017-01-30T21:00:00",
"dateReserved": "2015-11-13T00:00:00",
"dateUpdated": "2024-08-06T08:13:31.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7184 (GCVE-0-2018-7184)
Vulnerability from cvelistv5
Published
2018-03-06 20:00
Modified
2024-08-05 06:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:11.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "103192",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103192"
},
{
"name": "GLSA-201805-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201805-12"
},
{
"name": "FreeBSD-SA-18:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
},
{
"name": "20180301 [Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3453"
},
{
"name": "USN-3707-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3707-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the \"received\" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-31T18:06:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "103192",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103192"
},
{
"name": "GLSA-201805-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201805-12"
},
{
"name": "FreeBSD-SA-18:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
},
{
"name": "20180301 [Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3453"
},
{
"name": "USN-3707-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3707-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the \"received\" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "103192",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103192"
},
{
"name": "GLSA-201805-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201805-12"
},
{
"name": "FreeBSD-SA-18:02",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180626-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
},
{
"name": "20180301 [Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3453",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3453"
},
{
"name": "USN-3707-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3707-1/"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_18_13",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7184",
"datePublished": "2018-03-06T20:00:00",
"dateReserved": "2018-02-16T00:00:00",
"dateUpdated": "2024-08-05T06:24:11.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7852 (GCVE-0-2015-7852)
Vulnerability from cvelistv5
Published
2017-08-07 20:00
Modified
2024-08-06 07:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:59:00.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2919"
},
{
"name": "77288",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77288"
},
{
"name": "RHSA-2016:2583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "RHSA-2016:0780",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-17T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2919"
},
{
"name": "77288",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77288"
},
{
"name": "RHSA-2016:2583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "RHSA-2016:0780",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug2919",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug2919"
},
{
"name": "77288",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77288"
},
{
"name": "RHSA-2016:2583",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "1033951",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "RHSA-2016:0780",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"name": "DSA-3388",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7852",
"datePublished": "2017-08-07T20:00:00",
"dateReserved": "2015-10-16T00:00:00",
"dateUpdated": "2024-08-06T07:59:00.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6452 (GCVE-0-2017-6452)
Vulnerability from cvelistv5
Published
2017-03-27 17:00
Modified
2024-08-05 15:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:33:19.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038123",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208144"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3383"
},
{
"name": "1039427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "97078",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97078"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-23T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1038123",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208144"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3383"
},
{
"name": "1039427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "97078",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97078"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038123",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038123"
},
{
"name": "https://support.apple.com/HT208144",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208144"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3383",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3383"
},
{
"name": "1039427",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "97078",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97078"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6452",
"datePublished": "2017-03-27T17:00:00",
"dateReserved": "2017-03-03T00:00:00",
"dateUpdated": "2024-08-05T15:33:19.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7974 (GCVE-0-2015-7974)
Vulnerability from cvelistv5
Published
2016-01-26 19:00
Modified
2024-08-06 08:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:31.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintel.com/reports/TALOS-2016-0071/"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"name": "81960",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/81960"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2936"
},
{
"name": "1034782",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"name": "RHSA-2016:2583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2936"
},
{
"name": "FreeBSD-SA-16:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a \"skeleton key.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-15T21:08:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintel.com/reports/TALOS-2016-0071/"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"name": "81960",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/81960"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2936"
},
{
"name": "1034782",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"name": "RHSA-2016:2583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2936"
},
{
"name": "FreeBSD-SA-16:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a \"skeleton key.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.talosintel.com/reports/TALOS-2016-0071/",
"refsource": "MISC",
"url": "http://www.talosintel.com/reports/TALOS-2016-0071/"
},
{
"name": "DSA-3629",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"name": "81960",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/81960"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug2936",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug2936"
},
{
"name": "1034782",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"name": "RHSA-2016:2583",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171031-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"name": "http://bugs.ntp.org/show_bug.cgi?id=2936",
"refsource": "CONFIRM",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2936"
},
{
"name": "FreeBSD-SA-16:09",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7974",
"datePublished": "2016-01-26T19:00:00",
"dateReserved": "2015-10-23T00:00:00",
"dateUpdated": "2024-08-06T08:06:31.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7849 (GCVE-0-2015-7849)
Vulnerability from cvelistv5
Published
2017-08-07 20:00
Modified
2024-08-06 07:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:59:00.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274257"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2916"
},
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "77276",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77276"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-09T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274257"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2916"
},
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "77276",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77276"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1274257",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274257"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug2916",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug2916"
},
{
"name": "1033951",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "77276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77276"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7849",
"datePublished": "2017-08-07T20:00:00",
"dateReserved": "2015-10-16T00:00:00",
"dateUpdated": "2024-08-06T07:59:00.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4956 (GCVE-0-2016-4956)
Vulnerability from cvelistv5
Published
2016-07-05 01:00
Modified
2024-08-06 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:40.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2016:1602",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
},
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "FEDORA-2016-c3bd6a3496",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
},
{
"name": "91009",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91009"
},
{
"name": "openSUSE-SU-2016:1583",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
},
{
"name": "FreeBSD-SA-16:24",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "FEDORA-2016-89e0874533",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
},
{
"name": "1036037",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036037"
},
{
"name": "SUSE-SU-2016:1584",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3042"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.ntp.org/3042"
},
{
"name": "VU#321640",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/321640"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "FEDORA-2016-50b0066b7f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
},
{
"name": "openSUSE-SU-2016:1636",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
},
{
"name": "SUSE-SU-2016:1563",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
},
{
"name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1568",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
},
{
"name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
},
{
"name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
},
{
"name": "VU#321640",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/321640"
},
{
"name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
},
{
"name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T12:00:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SU-2016:1602",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
},
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "FEDORA-2016-c3bd6a3496",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
},
{
"name": "91009",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91009"
},
{
"name": "openSUSE-SU-2016:1583",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
},
{
"name": "FreeBSD-SA-16:24",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "FEDORA-2016-89e0874533",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
},
{
"name": "1036037",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036037"
},
{
"name": "SUSE-SU-2016:1584",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3042"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.ntp.org/3042"
},
{
"name": "VU#321640",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/321640"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "FEDORA-2016-50b0066b7f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
},
{
"name": "openSUSE-SU-2016:1636",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
},
{
"name": "SUSE-SU-2016:1563",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
},
{
"name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1568",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
},
{
"name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
},
{
"name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
},
{
"name": "VU#321640",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/321640"
},
{
"name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
},
{
"name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2016:1602",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
},
{
"name": "USN-3096-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "FEDORA-2016-c3bd6a3496",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
},
{
"name": "91009",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91009"
},
{
"name": "openSUSE-SU-2016:1583",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
},
{
"name": "FreeBSD-SA-16:24",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
},
{
"name": "SUSE-SU-2016:1912",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "FEDORA-2016-89e0874533",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
},
{
"name": "1036037",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036037"
},
{
"name": "SUSE-SU-2016:1584",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3042",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3042"
},
{
"name": "SUSE-SU-2016:2094",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "http://bugs.ntp.org/3042",
"refsource": "CONFIRM",
"url": "http://bugs.ntp.org/3042"
},
{
"name": "VU#321640",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/321640"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "FEDORA-2016-50b0066b7f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
},
{
"name": "openSUSE-SU-2016:1636",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
},
{
"name": "SUSE-SU-2016:1563",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
},
{
"name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1568",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
},
{
"name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
},
{
"name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
},
{
"name": "VU#321640",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/321640"
},
{
"name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
},
{
"name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4956",
"datePublished": "2016-07-05T01:00:00",
"dateReserved": "2016-05-23T00:00:00",
"dateUpdated": "2024-08-06T00:46:40.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6460 (GCVE-0-2017-6460)
Vulnerability from cvelistv5
Published
2017-03-27 17:00
Modified
2024-08-05 15:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:33:19.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038123",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208144"
},
{
"name": "97052",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97052"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3377"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2017-6460"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T16:03:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1038123",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208144"
},
{
"name": "97052",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97052"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3377"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.paloaltonetworks.com/CVE-2017-6460"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038123",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038123"
},
{
"name": "https://support.apple.com/HT208144",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208144"
},
{
"name": "97052",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97052"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3377",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3377"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"name": "https://security.paloaltonetworks.com/CVE-2017-6460",
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2017-6460"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6460",
"datePublished": "2017-03-27T17:00:00",
"dateReserved": "2017-03-03T00:00:00",
"dateUpdated": "2024-08-05T15:33:19.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0021 (GCVE-0-2009-0021)
Vulnerability from cvelistv5
Published
2009-01-07 17:00
Modified
2024-08-07 04:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:17:10.427Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3549"
},
{
"name": "20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/499827/100/0/threaded"
},
{
"name": "1021533",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021533"
},
{
"name": "[announce] 20090108 NTP 4.2.4p6 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.ntp.org/pipermail/announce/2009-January/000055.html"
},
{
"name": "34642",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34642"
},
{
"name": "RHSA-2009:0046",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0046.html"
},
{
"name": "35074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35074"
},
{
"name": "APPLE-SA-2009-05-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "33558",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33558"
},
{
"name": "SUSE-SR:2009:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2008-016.html"
},
{
"name": "SSA:2009-014-03",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.531177"
},
{
"name": "SUSE-SR:2009:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "33648",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33648"
},
{
"name": "33406",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33406"
},
{
"name": "TA09-133A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name": "oval:org.mitre.oval:def:10035",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10035"
},
{
"name": "ADV-2009-1297",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "ADV-2009-0042",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0042"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3549"
},
{
"name": "20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/499827/100/0/threaded"
},
{
"name": "1021533",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021533"
},
{
"name": "[announce] 20090108 NTP 4.2.4p6 Released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.ntp.org/pipermail/announce/2009-January/000055.html"
},
{
"name": "34642",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34642"
},
{
"name": "RHSA-2009:0046",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0046.html"
},
{
"name": "35074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35074"
},
{
"name": "APPLE-SA-2009-05-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "33558",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33558"
},
{
"name": "SUSE-SR:2009:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2008-016.html"
},
{
"name": "SSA:2009-014-03",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.531177"
},
{
"name": "SUSE-SR:2009:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "33648",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33648"
},
{
"name": "33406",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33406"
},
{
"name": "TA09-133A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name": "oval:org.mitre.oval:def:10035",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10035"
},
{
"name": "ADV-2009-1297",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "ADV-2009-0042",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0042"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-0021",
"datePublished": "2009-01-07T17:00:00",
"dateReserved": "2008-12-15T00:00:00",
"dateUpdated": "2024-08-07T04:17:10.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8139 (GCVE-0-2015-8139)
Vulnerability from cvelistv5
Published
2017-01-30 21:00
Modified
2024-08-06 08:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:31.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "FEDORA-2016-c3bd6a3496",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
},
{
"name": "SUSE-SU-2016:1177",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"name": "FEDORA-2016-89e0874533",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
},
{
"name": "1034782",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2946"
},
{
"name": "SUSE-SU-2016:1247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "82105",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/82105"
},
{
"name": "SUSE-SU-2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "FEDORA-2016-50b0066b7f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
},
{
"name": "SUSE-SU-2016:1175",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"name": "FreeBSD-SA-16:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200204-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-04T11:06:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "FEDORA-2016-c3bd6a3496",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
},
{
"name": "SUSE-SU-2016:1177",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"name": "FEDORA-2016-89e0874533",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
},
{
"name": "1034782",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2946"
},
{
"name": "SUSE-SU-2016:1247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "82105",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/82105"
},
{
"name": "SUSE-SU-2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "FEDORA-2016-50b0066b7f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
},
{
"name": "SUSE-SU-2016:1175",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"name": "FreeBSD-SA-16:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200204-0003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "FEDORA-2016-c3bd6a3496",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
},
{
"name": "SUSE-SU-2016:1177",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"name": "FEDORA-2016-89e0874533",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
},
{
"name": "1034782",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug2946",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug2946"
},
{
"name": "SUSE-SU-2016:1247",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "82105",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/82105"
},
{
"name": "SUSE-SU-2016:1311",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "FEDORA-2016-50b0066b7f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
},
{
"name": "SUSE-SU-2016:1175",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"name": "FreeBSD-SA-16:09",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa113",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200204-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200204-0003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8139",
"datePublished": "2017-01-30T21:00:00",
"dateReserved": "2015-11-13T00:00:00",
"dateUpdated": "2024-08-06T08:13:31.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7851 (GCVE-0-2015-7851)
Vulnerability from cvelistv5
Published
2020-01-28 16:35
Modified
2024-08-06 07:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:59:00.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintel.com/reports/TALOS-2015-0062/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2918"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use \u0027\\\u0027 or \u0027/\u0027 characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-28T16:35:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintel.com/reports/TALOS-2015-0062/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2918"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use \u0027\\\u0027 or \u0027/\u0027 characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.talosintel.com/reports/TALOS-2015-0062/",
"refsource": "MISC",
"url": "http://www.talosintel.com/reports/TALOS-2015-0062/"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
"refsource": "MISC",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug2918",
"refsource": "MISC",
"url": "http://support.ntp.org/bin/view/Main/NtpBug2918"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7851",
"datePublished": "2020-01-28T16:35:21",
"dateReserved": "2015-10-16T00:00:00",
"dateUpdated": "2024-08-06T07:59:00.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7170 (GCVE-0-2018-7170)
Vulnerability from cvelistv5
Published
2018-03-06 20:00
Modified
2024-08-05 06:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:10.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "GLSA-201805-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201805-12"
},
{
"name": "FreeBSD-SA-18:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
},
{
"name": "20180301 [Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550214"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3415"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"name": "103194",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103194"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim\u0027s clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-31T18:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "GLSA-201805-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201805-12"
},
{
"name": "FreeBSD-SA-18:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
},
{
"name": "20180301 [Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550214"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3415"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"name": "103194",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103194"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim\u0027s clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "GLSA-201805-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201805-12"
},
{
"name": "FreeBSD-SA-18:02",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180626-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
},
{
"name": "20180301 [Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1550214",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550214"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3415",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3415"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_18_13",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"name": "103194",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103194"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7170",
"datePublished": "2018-03-06T20:00:00",
"dateReserved": "2018-02-15T00:00:00",
"dateUpdated": "2024-08-05T06:24:10.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1799 (GCVE-0-2015-1799)
Vulnerability from cvelistv5
Published
2015-04-08 10:00
Modified
2024-08-06 04:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3222",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3222"
},
{
"name": "20150408 Network Time Protocol Daemon Symmetric Mode Packet Processing Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38275"
},
{
"name": "[chrony-announce] 20150407 chrony-1.31.1 released (security)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2015/04/msg00002.html"
},
{
"name": "USN-2567-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2567-1"
},
{
"name": "VU#374268",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/374268"
},
{
"name": "73950",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73950"
},
{
"name": "SSRT102029",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143213867103400\u0026w=2"
},
{
"name": "FEDORA-2015-5761",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155864.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10114"
},
{
"name": "FEDORA-2015-5874",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155863.html"
},
{
"name": "APPLE-SA-2015-06-30-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"name": "openSUSE-SU-2015:0775",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00052.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "GLSA-201509-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201509-01"
},
{
"name": "HPSBUX03333",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143213867103400\u0026w=2"
},
{
"name": "MDVSA-2015:202",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:202"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT204942"
},
{
"name": "HPSBHF03557",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145750740530849\u0026w=2"
},
{
"name": "RHSA-2015:1459",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2781"
},
{
"name": "20150408 Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd"
},
{
"name": "DSA-3223",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3223"
},
{
"name": "1032031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032031"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-3222",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3222"
},
{
"name": "20150408 Network Time Protocol Daemon Symmetric Mode Packet Processing Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38275"
},
{
"name": "[chrony-announce] 20150407 chrony-1.31.1 released (security)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2015/04/msg00002.html"
},
{
"name": "USN-2567-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2567-1"
},
{
"name": "VU#374268",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/374268"
},
{
"name": "73950",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73950"
},
{
"name": "SSRT102029",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143213867103400\u0026w=2"
},
{
"name": "FEDORA-2015-5761",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155864.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10114"
},
{
"name": "FEDORA-2015-5874",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155863.html"
},
{
"name": "APPLE-SA-2015-06-30-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"name": "openSUSE-SU-2015:0775",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00052.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "GLSA-201509-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201509-01"
},
{
"name": "HPSBUX03333",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143213867103400\u0026w=2"
},
{
"name": "MDVSA-2015:202",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:202"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT204942"
},
{
"name": "HPSBHF03557",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=145750740530849\u0026w=2"
},
{
"name": "RHSA-2015:1459",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2781"
},
{
"name": "20150408 Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd"
},
{
"name": "DSA-3223",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3223"
},
{
"name": "1032031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032031"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-1799",
"datePublished": "2015-04-08T10:00:00",
"dateReserved": "2015-02-17T00:00:00",
"dateUpdated": "2024-08-06T04:54:16.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7434 (GCVE-0-2016-7434)
Vulnerability from cvelistv5
Published
2017-01-13 16:00
Modified
2024-08-06 01:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"name": "94448",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94448"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3082"
},
{
"name": "40806",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40806/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "VU#633847",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"name": "1037354",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037354"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"name": "FreeBSD-SA-16:39",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-20T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"name": "94448",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94448"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3082"
},
{
"name": "40806",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40806/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "VU#633847",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"name": "1037354",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037354"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"name": "FreeBSD-SA-16:39",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7434",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"name": "94448",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94448"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3082",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3082"
},
{
"name": "40806",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40806/"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"name": "http://nwtime.org/ntp428p9_release/",
"refsource": "CONFIRM",
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "VU#633847",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"name": "1037354",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037354"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa139",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"name": "FreeBSD-SA-16:39",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7434",
"datePublished": "2017-01-13T16:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6459 (GCVE-0-2017-6459)
Vulnerability from cvelistv5
Published
2017-03-27 17:00
Modified
2024-08-05 15:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:33:19.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038123",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208144"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3382"
},
{
"name": "97076",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97076"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-23T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1038123",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208144"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3382"
},
{
"name": "97076",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97076"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038123",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038123"
},
{
"name": "https://support.apple.com/HT208144",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208144"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3382",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3382"
},
{
"name": "97076",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97076"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6459",
"datePublished": "2017-03-27T17:00:00",
"dateReserved": "2017-03-03T00:00:00",
"dateUpdated": "2024-08-05T15:33:19.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7850 (GCVE-0-2015-7850)
Vulnerability from cvelistv5
Published
2017-08-07 20:00
Modified
2024-08-06 07:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:59:00.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2917"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274258"
},
{
"name": "77279",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77279"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-09T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2917"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274258"
},
{
"name": "77279",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77279"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033951",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "DSA-3388",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug2917",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug2917"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1274258",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274258"
},
{
"name": "77279",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77279"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7850",
"datePublished": "2017-08-07T20:00:00",
"dateReserved": "2015-10-16T00:00:00",
"dateUpdated": "2024-08-06T07:59:00.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7871 (GCVE-0-2015-7871)
Vulnerability from cvelistv5
Published
2017-08-07 20:00
Modified
2024-08-06 08:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:30.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2941"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274265"
},
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "77287",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77287"
},
{
"name": "GLSA-201604-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201604-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-13T11:06:36",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2941"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274265"
},
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "77287",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77287"
},
{
"name": "GLSA-201604-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201604-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug2941",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug2941"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1274265",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274265"
},
{
"name": "1033951",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "DSA-3388",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "77287",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77287"
},
{
"name": "GLSA-201604-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201604-03"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7871",
"datePublished": "2017-08-07T20:00:00",
"dateReserved": "2015-10-19T00:00:00",
"dateUpdated": "2024-08-06T08:06:30.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4954 (GCVE-0-2016-4954)
Vulnerability from cvelistv5
Published
2016-07-05 01:00
Modified
2024-08-06 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:39.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2016:1602",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
},
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "FEDORA-2016-c3bd6a3496",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
},
{
"name": "openSUSE-SU-2016:1583",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
},
{
"name": "FreeBSD-SA-16:24",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "FEDORA-2016-89e0874533",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
},
{
"name": "1036037",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036037"
},
{
"name": "SUSE-SU-2016:1584",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3044"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "VU#321640",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/321640"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "FEDORA-2016-50b0066b7f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
},
{
"name": "openSUSE-SU-2016:1636",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.ntp.org/3044"
},
{
"name": "SUSE-SU-2016:1563",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
},
{
"name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
},
{
"name": "SUSE-SU-2016:1568",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
},
{
"name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
},
{
"name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
},
{
"name": "VU#321640",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/321640"
},
{
"name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
},
{
"name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T11:59:55",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SU-2016:1602",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
},
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "FEDORA-2016-c3bd6a3496",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
},
{
"name": "openSUSE-SU-2016:1583",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
},
{
"name": "FreeBSD-SA-16:24",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "FEDORA-2016-89e0874533",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
},
{
"name": "1036037",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036037"
},
{
"name": "SUSE-SU-2016:1584",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3044"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "VU#321640",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/321640"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "FEDORA-2016-50b0066b7f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
},
{
"name": "openSUSE-SU-2016:1636",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.ntp.org/3044"
},
{
"name": "SUSE-SU-2016:1563",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
},
{
"name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
},
{
"name": "SUSE-SU-2016:1568",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
},
{
"name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
},
{
"name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
},
{
"name": "VU#321640",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/321640"
},
{
"name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
},
{
"name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2016:1602",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
},
{
"name": "USN-3096-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "FEDORA-2016-c3bd6a3496",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
},
{
"name": "openSUSE-SU-2016:1583",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
},
{
"name": "FreeBSD-SA-16:24",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
},
{
"name": "SUSE-SU-2016:1912",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "FEDORA-2016-89e0874533",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
},
{
"name": "1036037",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036037"
},
{
"name": "SUSE-SU-2016:1584",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3044",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3044"
},
{
"name": "SUSE-SU-2016:2094",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "VU#321640",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/321640"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "FEDORA-2016-50b0066b7f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
},
{
"name": "openSUSE-SU-2016:1636",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
},
{
"name": "http://bugs.ntp.org/3044",
"refsource": "CONFIRM",
"url": "http://bugs.ntp.org/3044"
},
{
"name": "SUSE-SU-2016:1563",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
},
{
"name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
},
{
"name": "SUSE-SU-2016:1568",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
},
{
"name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
},
{
"name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
},
{
"name": "VU#321640",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/321640"
},
{
"name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
},
{
"name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4954",
"datePublished": "2016-07-05T01:00:00",
"dateReserved": "2016-05-23T00:00:00",
"dateUpdated": "2024-08-06T00:46:39.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5211 (GCVE-0-2013-5211)
Vulnerability from cvelistv5
Published
2014-01-02 11:00
Modified
2024-08-06 17:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "59288",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59288"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
},
{
"name": "openSUSE-SU-2014:1149",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "HPSBUX02960",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
},
{
"name": "TA14-013A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA14-013A"
},
{
"name": "64692",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64692"
},
{
"name": "VU#348126",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/348126"
},
{
"name": "HPSBOV03505",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
},
{
"name": "[oss-security] 20131230 CVE to the ntp monlist DDoS issue?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2013/12/30/6"
},
{
"name": "59726",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59726"
},
{
"name": "1030433",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030433"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861"
},
{
"name": "[pool] 20111210 Odd surge in traffic today",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.ntp.org/pipermail/pool/2011-December/005616.html"
},
{
"name": "[oss-security] 20131230 Re: CVE to the ntp monlist DDoS issue?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2013/12/30/7"
},
{
"name": "SSRT101419",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=1532"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-08T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "59288",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59288"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
},
{
"name": "openSUSE-SU-2014:1149",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "HPSBUX02960",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
},
{
"name": "TA14-013A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/ncas/alerts/TA14-013A"
},
{
"name": "64692",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64692"
},
{
"name": "VU#348126",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/348126"
},
{
"name": "HPSBOV03505",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
},
{
"name": "[oss-security] 20131230 CVE to the ntp monlist DDoS issue?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2013/12/30/6"
},
{
"name": "59726",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59726"
},
{
"name": "1030433",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030433"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861"
},
{
"name": "[pool] 20111210 Odd surge in traffic today",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.ntp.org/pipermail/pool/2011-December/005616.html"
},
{
"name": "[oss-security] 20131230 Re: CVE to the ntp monlist DDoS issue?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2013/12/30/7"
},
{
"name": "SSRT101419",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=1532"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "59288",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59288"
},
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
},
{
"name": "openSUSE-SU-2014:1149",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00031.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "HPSBUX02960",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
},
{
"name": "TA14-013A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA14-013A"
},
{
"name": "64692",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64692"
},
{
"name": "VU#348126",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/348126"
},
{
"name": "HPSBOV03505",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
},
{
"name": "[oss-security] 20131230 CVE to the ntp monlist DDoS issue?",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/12/30/6"
},
{
"name": "59726",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59726"
},
{
"name": "1030433",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030433"
},
{
"name": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz",
"refsource": "CONFIRM",
"url": "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-dev/ntp-dev-4.2.7p26.tar.gz"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-051-04"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory.asc"
},
{
"name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861",
"refsource": "CONFIRM",
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095861"
},
{
"name": "[pool] 20111210 Odd surge in traffic today",
"refsource": "MLIST",
"url": "http://lists.ntp.org/pipermail/pool/2011-December/005616.html"
},
{
"name": "[oss-security] 20131230 Re: CVE to the ntp monlist DDoS issue?",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/12/30/7"
},
{
"name": "SSRT101419",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=138971294629419\u0026w=2"
},
{
"name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892",
"refsource": "CONFIRM",
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095892"
},
{
"name": "http://bugs.ntp.org/show_bug.cgi?id=1532",
"refsource": "CONFIRM",
"url": "http://bugs.ntp.org/show_bug.cgi?id=1532"
},
{
"name": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/puppetlabs-ntp-nov-2015-advisory"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5211",
"datePublished": "2014-01-02T11:00:00",
"dateReserved": "2013-08-15T00:00:00",
"dateUpdated": "2024-08-06T17:06:52.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7427 (GCVE-0-2016-7427)
Vulnerability from cvelistv5
Published
2017-01-13 16:00
Modified
2024-08-06 01:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"name": "USN-3707-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03883en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3114"
},
{
"name": "VU#633847",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03899en_us"
},
{
"name": "1037354",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037354"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"name": "FreeBSD-SA-16:39",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"name": "94447",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94447"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-24T10:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"name": "USN-3707-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03883en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3114"
},
{
"name": "VU#633847",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03899en_us"
},
{
"name": "1037354",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037354"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"name": "FreeBSD-SA-16:39",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"name": "94447",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94447"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"name": "USN-3707-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03883en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03883en_us"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"name": "http://nwtime.org/ntp428p9_release/",
"refsource": "CONFIRM",
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3114",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3114"
},
{
"name": "VU#633847",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03899en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03899en_us"
},
{
"name": "1037354",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037354"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa139",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"name": "FreeBSD-SA-16:39",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"name": "94447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94447"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7427",
"datePublished": "2017-01-13T16:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7431 (GCVE-0-2016-7431)
Vulnerability from cvelistv5
Published
2017-01-13 16:00
Modified
2024-08-06 01:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03883en_us"
},
{
"name": "94454",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94454"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "VU#633847",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03899en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "1037354",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037354"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"name": "FreeBSD-SA-16:39",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3102"
},
{
"name": "20170310 [security bulletin] HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/540254/100/0/threaded"
},
{
"name": "20170310 [security bulletin] HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540254/100/0/threaded"
},
{
"name": "openSUSE-SU-2016:3280",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03899en_us"
},
{
"name": "USN-3349-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3349-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03883en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-en"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-223/"
},
{
"name": "20161222 FreeBSD Security Advisory FreeBSD-SA-16:39.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/539955/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/140240/FreeBSD-Security-Advisory-FreeBSD-SA-16.39.ntp.html"
},
{
"name": "20161222 FreeBSD Security Advisory FreeBSD-SA-16:39.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-12T16:41:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03883en_us"
},
{
"name": "94454",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94454"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "VU#633847",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03899en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "1037354",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037354"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"name": "FreeBSD-SA-16:39",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3102"
},
{
"name": "20170310 [security bulletin] HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/540254/100/0/threaded"
},
{
"name": "20170310 [security bulletin] HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540254/100/0/threaded"
},
{
"name": "openSUSE-SU-2016:3280",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03899en_us"
},
{
"name": "USN-3349-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3349-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03883en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-en"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-223/"
},
{
"name": "20161222 FreeBSD Security Advisory FreeBSD-SA-16:39.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/539955/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/140240/FreeBSD-Security-Advisory-FreeBSD-SA-16.39.ntp.html"
},
{
"name": "20161222 FreeBSD Security Advisory FreeBSD-SA-16:39.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7431",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03883en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03883en_us"
},
{
"name": "94454",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94454"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"name": "http://nwtime.org/ntp428p9_release/",
"refsource": "CONFIRM",
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "VU#633847",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03899en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03899en_us"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "1037354",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037354"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa139",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"name": "FreeBSD-SA-16:39",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3102",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3102"
},
{
"name": "20170310 [security bulletin] HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/540254/100/0/threaded"
},
{
"name": "20170310 [security bulletin] HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/540254/100/0/threaded"
},
{
"name": "openSUSE-SU-2016:3280",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03899en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03899en_us"
},
{
"name": "USN-3349-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3349-1"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03883en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03883en_us"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-en"
},
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-223/",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-223/"
},
{
"name": "20161222 FreeBSD Security Advisory FreeBSD-SA-16:39.ntp",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539955/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/140240/FreeBSD-Security-Advisory-FreeBSD-SA-16.39.ntp.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/140240/FreeBSD-Security-Advisory-FreeBSD-SA-16.39.ntp.html"
},
{
"name": "20161222 FreeBSD Security Advisory FreeBSD-SA-16:39.ntp",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threaded"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7431",
"datePublished": "2017-01-13T16:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4953 (GCVE-0-2016-4953)
Vulnerability from cvelistv5
Published
2016-07-05 01:00
Modified
2024-08-06 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:39.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2016:1602",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
},
{
"name": "91010",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91010"
},
{
"name": "openSUSE-SU-2016:1583",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
},
{
"name": "FreeBSD-SA-16:24",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3045"
},
{
"name": "1036037",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036037"
},
{
"name": "SUSE-SU-2016:1584",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "VU#321640",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/321640"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.ntp.org/3045"
},
{
"name": "openSUSE-SU-2016:1636",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
},
{
"name": "SUSE-SU-2016:1563",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
},
{
"name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
},
{
"name": "SUSE-SU-2016:1568",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
},
{
"name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
},
{
"name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
},
{
"name": "VU#321640",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/321640"
},
{
"name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
},
{
"name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T12:08:56",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SU-2016:1602",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
},
{
"name": "91010",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91010"
},
{
"name": "openSUSE-SU-2016:1583",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
},
{
"name": "FreeBSD-SA-16:24",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3045"
},
{
"name": "1036037",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036037"
},
{
"name": "SUSE-SU-2016:1584",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "VU#321640",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/321640"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.ntp.org/3045"
},
{
"name": "openSUSE-SU-2016:1636",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
},
{
"name": "SUSE-SU-2016:1563",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
},
{
"name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
},
{
"name": "SUSE-SU-2016:1568",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
},
{
"name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
},
{
"name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
},
{
"name": "VU#321640",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/321640"
},
{
"name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
},
{
"name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2016:1602",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
},
{
"name": "91010",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91010"
},
{
"name": "openSUSE-SU-2016:1583",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
},
{
"name": "FreeBSD-SA-16:24",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
},
{
"name": "SUSE-SU-2016:1912",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03757en_us"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3045",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3045"
},
{
"name": "1036037",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036037"
},
{
"name": "SUSE-SU-2016:1584",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "SUSE-SU-2016:2094",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "VU#321640",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/321640"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "http://bugs.ntp.org/3045",
"refsource": "CONFIRM",
"url": "http://bugs.ntp.org/3045"
},
{
"name": "openSUSE-SU-2016:1636",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
},
{
"name": "SUSE-SU-2016:1563",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
},
{
"name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/540683/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
},
{
"name": "SUSE-SU-2016:1568",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
},
{
"name": "20170607 [security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/540683/100/0/threaded"
},
{
"name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
},
{
"name": "VU#321640",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/321640"
},
{
"name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
},
{
"name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4953",
"datePublished": "2016-07-05T01:00:00",
"dateReserved": "2016-05-23T00:00:00",
"dateUpdated": "2024-08-06T00:46:39.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6451 (GCVE-0-2017-6451)
Vulnerability from cvelistv5
Published
2017-03-27 17:00
Modified
2024-08-05 15:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:33:20.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3378"
},
{
"name": "1038123",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"name": "97058",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97058"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208144"
},
{
"name": "1039427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-31T18:06:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3378"
},
{
"name": "1038123",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"name": "97058",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97058"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208144"
},
{
"name": "1039427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3378",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3378"
},
{
"name": "1038123",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038123"
},
{
"name": "97058",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97058"
},
{
"name": "https://support.apple.com/HT208144",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208144"
},
{
"name": "1039427",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6451",
"datePublished": "2017-03-27T17:00:00",
"dateReserved": "2017-03-03T00:00:00",
"dateUpdated": "2024-08-05T15:33:20.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5219 (GCVE-0-2015-5219)
Vulnerability from cvelistv5
Published
2017-07-21 14:00
Modified
2024-08-06 06:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:08.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8"
},
{
"name": "openSUSE-SU:2016:3280",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099409"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "USN-2783-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2783-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706"
},
{
"name": "RHSA-2016:2583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "FEDORA-2015-77bfbc1bcd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=51786731Gr4-NOrTBC_a_uXO4wuGhg"
},
{
"name": "RHSA-2016:0780",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "[oss-security] 20150825 Several low impact ntp.org ntpd issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/25/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255118"
},
{
"name": "76473",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76473"
},
{
"name": "SUSE-SU:2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "FEDORA-2015-14212",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122"
},
{
"name": "FEDORA-2015-14213",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-15T20:35:47",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory4.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8"
},
{
"name": "openSUSE-SU:2016:3280",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099409"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "USN-2783-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2783-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706"
},
{
"name": "RHSA-2016:2583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "FEDORA-2015-77bfbc1bcd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=51786731Gr4-NOrTBC_a_uXO4wuGhg"
},
{
"name": "RHSA-2016:0780",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "[oss-security] 20150825 Several low impact ntp.org ntpd issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/25/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255118"
},
{
"name": "76473",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76473"
},
{
"name": "SUSE-SU:2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "FEDORA-2015-14212",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122"
},
{
"name": "FEDORA-2015-14213",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5219",
"datePublished": "2017-07-21T14:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:08.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11331 (GCVE-0-2019-11331)
Vulnerability from cvelistv5
Published
2019-04-18 21:58
Modified
2024-08-04 22:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tools.ietf.org/html/draft-gont-ntp-port-randomization-00"
},
{
"name": "108010",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108010"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K09940637"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K09940637?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-09T19:07:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tools.ietf.org/html/draft-gont-ntp-port-randomization-00"
},
{
"name": "108010",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108010"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K09940637"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K09940637?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.ietf.org/html/draft-gont-ntp-port-randomization-00",
"refsource": "MISC",
"url": "https://tools.ietf.org/html/draft-gont-ntp-port-randomization-00"
},
{
"name": "108010",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108010"
},
{
"name": "https://support.f5.com/csp/article/K09940637",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K09940637"
},
{
"name": "https://support.f5.com/csp/article/K09940637?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K09940637?utm_source=f5support\u0026amp;utm_medium=RSS"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11331",
"datePublished": "2019-04-18T21:58:36",
"dateReserved": "2019-04-18T00:00:00",
"dateUpdated": "2024-08-04T22:48:09.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0657 (GCVE-0-2004-0657)
Vulnerability from cvelistv5
Published
2004-07-13 04:00
Modified
2024-08-08 00:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:27.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ntp-integer-bo(15406)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15406"
},
{
"name": "VU#584606",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/584606"
},
{
"name": "SSRT4718",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108922292425219\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server\u0027s time."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ntp-integer-bo(15406)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15406"
},
{
"name": "VU#584606",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/584606"
},
{
"name": "SSRT4718",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108922292425219\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server\u0027s time."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ntp-integer-bo(15406)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15406"
},
{
"name": "VU#584606",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/584606"
},
{
"name": "SSRT4718",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=108922292425219\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0657",
"datePublished": "2004-07-13T04:00:00",
"dateReserved": "2004-07-09T00:00:00",
"dateUpdated": "2024-08-08T00:24:27.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8158 (GCVE-0-2015-8158)
Vulnerability from cvelistv5
Published
2017-01-30 21:00
Modified
2024-08-06 08:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:13:32.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"name": "1034782",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"name": "RHSA-2016:2583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "81814",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/81814"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2948"
},
{
"name": "FreeBSD-SA-16:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"name": "1034782",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"name": "RHSA-2016:2583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "81814",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/81814"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2948"
},
{
"name": "FreeBSD-SA-16:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3629",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"name": "1034782",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "VU#718152",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"name": "RHSA-2016:2583",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "81814",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/81814"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171031-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug2948",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug2948"
},
{
"name": "FreeBSD-SA-16:09",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8158",
"datePublished": "2017-01-30T21:00:00",
"dateReserved": "2015-11-13T00:00:00",
"dateUpdated": "2024-08-06T08:13:32.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2516 (GCVE-0-2016-2516)
Vulnerability from cvelistv5
Published
2017-01-30 21:00
Modified
2024-08-05 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:32:20.291Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"name": "88180",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/88180"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3011"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-20T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"name": "88180",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/88180"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3011"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3629",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"name": "88180",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/88180"
},
{
"name": "VU#718152",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "1035705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3011",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3011"
},
{
"name": "FreeBSD-SA-16:16",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2516",
"datePublished": "2017-01-30T21:00:00",
"dateReserved": "2016-02-20T00:00:00",
"dateUpdated": "2024-08-05T23:32:20.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2518 (GCVE-0-2016-2518)
Vulnerability from cvelistv5
Published
2017-01-30 21:00
Modified
2024-08-05 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:32:20.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3009"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:1141",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "RHSA-2016:1552",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_ntp_4_2_8p7_Security"
},
{
"name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "88226",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/88226"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "openSUSE-SU-2016:1329",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "SUSE-SU-2016:1471",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
},
{
"name": "FEDORA-2016-5b2eb0bf9c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"
},
{
"name": "SUSE-SU-2016:1291",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2016/dsa-3629"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K20804323"
},
{
"name": "SUSE-SU-2016:1568",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1278",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
},
{
"name": "FEDORA-2016-ed8c6c0426",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-10T12:19:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3009"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:1141",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "RHSA-2016:1552",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_ntp_4_2_8p7_Security"
},
{
"name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "88226",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/88226"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "openSUSE-SU-2016:1329",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "SUSE-SU-2016:1471",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
},
{
"name": "FEDORA-2016-5b2eb0bf9c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"
},
{
"name": "SUSE-SU-2016:1291",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2016/dsa-3629"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K20804323"
},
{
"name": "SUSE-SU-2016:1568",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1278",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
},
{
"name": "FEDORA-2016-ed8c6c0426",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3096-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "DSA-3629",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3009",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3009"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:1141",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"name": "SUSE-SU-2016:1912",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "VU#718152",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "RHSA-2016:1552",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"name": "1035705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_ntp_4_2_8p7_Security",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_ntp_4_2_8p7_Security"
},
{
"name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"name": "FreeBSD-SA-16:16",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "SUSE-SU-2016:2094",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "88226",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/88226"
},
{
"name": "openSUSE-SU-2016:1423",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "openSUSE-SU-2016:1329",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
},
{
"name": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "SUSE-SU-2016:1471",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
},
{
"name": "FEDORA-2016-5b2eb0bf9c",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"
},
{
"name": "SUSE-SU-2016:1291",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
},
{
"name": "DSA-3629",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2016/dsa-3629"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"
},
{
"name": "https://support.f5.com/csp/article/K20804323",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K20804323"
},
{
"name": "SUSE-SU-2016:1568",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1278",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
},
{
"name": "FEDORA-2016-ed8c6c0426",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2518",
"datePublished": "2017-01-30T21:00:00",
"dateReserved": "2016-02-20T00:00:00",
"dateUpdated": "2024-08-05T23:32:20.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26551 (GCVE-0-2023-26551)
Vulnerability from cvelistv5
Published
2023-04-11 00:00
Modified
2025-02-11 15:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:53.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26551"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-26551",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T15:31:32.628394Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T15:32:41.155Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp\u003ccpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-13T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26551"
},
{
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-26551",
"datePublished": "2023-04-11T00:00:00.000Z",
"dateReserved": "2023-02-25T00:00:00.000Z",
"dateUpdated": "2025-02-11T15:32:41.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9312 (GCVE-0-2016-9312)
Vulnerability from cvelistv5
Published
2017-01-13 16:00
Modified
2024-08-06 02:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:37.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "VU#633847",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"name": "1037354",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037354"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"name": "94450",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94450"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3110"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-27T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "VU#633847",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"name": "1037354",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037354"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"name": "94450",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94450"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3110"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"name": "http://nwtime.org/ntp428p9_release/",
"refsource": "CONFIRM",
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "VU#633847",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"name": "1037354",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037354"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa139",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"name": "94450",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94450"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3110",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3110"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9312",
"datePublished": "2017-01-13T16:00:00",
"dateReserved": "2016-11-14T00:00:00",
"dateUpdated": "2024-08-06T02:50:37.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1547 (GCVE-0-2016-1547)
Vulnerability from cvelistv5
Published
2017-01-06 21:00
Modified
2024-08-05 23:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- unspecified
Summary
An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | NTP Project | NTP |
Version: 4.2.8p3 Version: 4.2.8p4 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:11.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "88276",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/88276"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:1141",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"name": "RHSA-2016:1552",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0081/"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NTP",
"vendor": "NTP Project",
"versions": [
{
"status": "affected",
"version": "4.2.8p3"
},
{
"status": "affected",
"version": "4.2.8p4"
}
]
},
{
"product": "NTPSec",
"vendor": "NTPsec Project",
"versions": [
{
"status": "affected",
"version": "a5fb34b9cc89b92a8fef2f459004865c93bb7f92"
}
]
}
],
"datePublic": "2016-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T17:24:21",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "88276",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/88276"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:1141",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"name": "RHSA-2016:1552",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0081/"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-1547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NTP",
"version": {
"version_data": [
{
"version_value": "4.2.8p3"
},
{
"version_value": "4.2.8p4"
}
]
}
}
]
},
"vendor_name": "NTP Project"
},
{
"product": {
"product_data": [
{
"product_name": "NTPSec",
"version": {
"version_data": [
{
"version_value": "a5fb34b9cc89b92a8fef2f459004865c93bb7f92"
}
]
}
}
]
},
"vendor_name": "NTPsec Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "88276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/88276"
},
{
"name": "DSA-3629",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:1141",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"name": "RHSA-2016:1552",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"name": "1035705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0081/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0081/"
},
{
"name": "FreeBSD-SA-16:16",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-1547",
"datePublished": "2017-01-06T21:00:00",
"dateReserved": "2016-01-07T00:00:00",
"dateUpdated": "2024-08-05T23:02:11.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7702 (GCVE-0-2015-7702)
Vulnerability from cvelistv5
Published
2017-08-07 20:00
Modified
2024-08-06 07:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "77286",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77286"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2899"
},
{
"name": "RHSA-2016:2583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "RHSA-2016:0780",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-17T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "77286",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77286"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2899"
},
{
"name": "RHSA-2016:2583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "RHSA-2016:0780",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "77286",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77286"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug2899",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug2899"
},
{
"name": "RHSA-2016:2583",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "1033951",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "RHSA-2016:0780",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"name": "DSA-3388",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7702",
"datePublished": "2017-08-07T20:00:00",
"dateReserved": "2015-10-04T00:00:00",
"dateUpdated": "2024-08-06T07:58:59.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7976 (GCVE-0-2015-7976)
Vulnerability from cvelistv5
Published
2017-01-30 21:00
Modified
2024-08-06 08:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:31.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "SUSE-SU-2016:1177",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "1034782",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "SUSE-SU-2016:1247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2938"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"name": "SUSE-SU-2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "SUSE-SU-2016:1175",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"name": "FreeBSD-SA-16:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-20T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "SUSE-SU-2016:1177",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "1034782",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "SUSE-SU-2016:1247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2938"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"name": "SUSE-SU-2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "SUSE-SU-2016:1175",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"name": "FreeBSD-SA-16:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "USN-3096-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "SUSE-SU-2016:1177",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"name": "SUSE-SU-2016:1912",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "1034782",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "SUSE-SU-2016:1247",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug2938",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug2938"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171031-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"name": "SUSE-SU-2016:1311",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "SUSE-SU-2016:2094",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "SUSE-SU-2016:1175",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"name": "FreeBSD-SA-16:09",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa113",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7976",
"datePublished": "2017-01-30T21:00:00",
"dateReserved": "2015-10-23T00:00:00",
"dateUpdated": "2024-08-06T08:06:31.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7973 (GCVE-0-2015-7973)
Vulnerability from cvelistv5
Published
2017-01-30 21:00
Modified
2024-08-06 08:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:31.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "SUSE-SU-2016:1177",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2935"
},
{
"name": "1034782",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "SUSE-SU-2016:1247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"name": "SUSE-SU-2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "81963",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/81963"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "SUSE-SU-2016:1175",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"name": "FreeBSD-SA-16:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-15T20:40:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "SUSE-SU-2016:1177",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2935"
},
{
"name": "1034782",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "SUSE-SU-2016:1247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"name": "SUSE-SU-2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "81963",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/81963"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "SUSE-SU-2016:1175",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"name": "FreeBSD-SA-16:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "USN-3096-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "SUSE-SU-2016:1177",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"name": "SUSE-SU-2016:1912",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug2935",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug2935"
},
{
"name": "1034782",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "SUSE-SU-2016:1247",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171031-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"name": "SUSE-SU-2016:1311",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "81963",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/81963"
},
{
"name": "SUSE-SU-2016:2094",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "SUSE-SU-2016:1175",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"name": "FreeBSD-SA-16:09",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa113",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7973",
"datePublished": "2017-01-30T21:00:00",
"dateReserved": "2015-10-23T00:00:00",
"dateUpdated": "2024-08-06T08:06:31.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9042 (GCVE-0-2016-9042)
Vulnerability from cvelistv5
Published
2018-06-04 20:00
Modified
2024-09-17 03:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- denial of service
Summary
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Talos | Network Time Protocol |
Version: NTP 4.2.8p9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:09.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038123",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"name": "FreeBSD-SA-17:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
},
{
"name": "1039427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "97046",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97046"
},
{
"name": "USN-3349-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3349-1"
},
{
"name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded"
},
{
"name": "20171101 APPLE-SA-2017-10-31-8 Additional information for APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Nov/7"
},
{
"name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/540403/100/0/threaded"
},
{
"name": "FEDORA-2017-20d54b2782",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/"
},
{
"name": "20170925 APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/62"
},
{
"name": "20170422 [slackware-security] ntp (SSA:2017-112-02)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10201"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT208144"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K39041624"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa147"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Network Time Protocol",
"vendor": "Talos",
"versions": [
{
"status": "affected",
"version": "NTP 4.2.8p9"
}
]
}
],
"datePublic": "2017-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T19:17:22",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "1038123",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"name": "FreeBSD-SA-17:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
},
{
"name": "1039427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "97046",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97046"
},
{
"name": "USN-3349-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3349-1"
},
{
"name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded"
},
{
"name": "20171101 APPLE-SA-2017-10-31-8 Additional information for APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Nov/7"
},
{
"name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/540403/100/0/threaded"
},
{
"name": "FEDORA-2017-20d54b2782",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/"
},
{
"name": "20170925 APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/62"
},
{
"name": "20170422 [slackware-security] ntp (SSA:2017-112-02)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10201"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT208144"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K39041624"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa147"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-03-29T00:00:00",
"ID": "CVE-2016-9042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Network Time Protocol",
"version": {
"version_data": [
{
"version_value": "NTP 4.2.8p9"
}
]
}
}
]
},
"vendor_name": "Talos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition."
}
]
},
"impact": {
"cvss": {
"baseScore": 3.7,
"baseSeverity": "Low",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038123",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038123"
},
{
"name": "FreeBSD-SA-17:03",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
},
{
"name": "1039427",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "97046",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97046"
},
{
"name": "USN-3349-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3349-1"
},
{
"name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded"
},
{
"name": "20171101 APPLE-SA-2017-10-31-8 Additional information for APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Nov/7"
},
{
"name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/540403/100/0/threaded"
},
{
"name": "FEDORA-2017-20d54b2782",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/"
},
{
"name": "20170925 APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Sep/62"
},
{
"name": "20170422 [slackware-security] ntp (SSA:2017-112-02)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260"
},
{
"name": "http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10201",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10201"
},
{
"name": "https://support.apple.com/kb/HT208144",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT208144"
},
{
"name": "https://support.f5.com/csp/article/K39041624",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K39041624"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa147",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa147"
},
{
"name": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2016-9042",
"datePublished": "2018-06-04T20:00:00Z",
"dateReserved": "2016-10-26T00:00:00",
"dateUpdated": "2024-09-17T03:53:51.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7705 (GCVE-0-2015-7705)
Vulnerability from cvelistv5
Published
2017-08-07 20:00
Modified
2024-08-06 07:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.826Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "USN-2783-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2783-1"
},
{
"name": "SUSE-SU-2016:1247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "77284",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77284"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX220112"
},
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_4_2_8p4_Securit"
},
{
"name": "SUSE-SU-2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://eprint.iacr.org/2015/1020.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274184"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2901"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "openSUSE-SU-2016:1329",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
},
{
"name": "20151021 Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp"
},
{
"name": "SUSE-SU-2016:1471",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa103"
},
{
"name": "SUSE-SU-2016:1291",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
},
{
"name": "SUSE-SU-2016:1568",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "openSUSE-SU-2015:2016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html"
},
{
"name": "SUSE-SU-2016:1278",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
},
{
"name": "20151029 [slackware-security] ntp (SSA:2015-302-03)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536796/100/0/threaded"
},
{
"name": "20151029 [slackware-security] ntp (SSA:2015-302-03)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/536796/100/100/threaded"
},
{
"name": "20151022 Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536737/100/0/threaded"
},
{
"name": "20151022 Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/536737/100/100/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T16:56:48",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "USN-2783-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2783-1"
},
{
"name": "SUSE-SU-2016:1247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "77284",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77284"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX220112"
},
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_4_2_8p4_Securit"
},
{
"name": "SUSE-SU-2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://eprint.iacr.org/2015/1020.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274184"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2901"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "openSUSE-SU-2016:1329",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
},
{
"name": "20151021 Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp"
},
{
"name": "SUSE-SU-2016:1471",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa103"
},
{
"name": "SUSE-SU-2016:1291",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
},
{
"name": "SUSE-SU-2016:1568",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "openSUSE-SU-2015:2016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html"
},
{
"name": "SUSE-SU-2016:1278",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
},
{
"name": "20151029 [slackware-security] ntp (SSA:2015-302-03)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536796/100/0/threaded"
},
{
"name": "20151029 [slackware-security] ntp (SSA:2015-302-03)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/536796/100/100/threaded"
},
{
"name": "20151022 Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536737/100/0/threaded"
},
{
"name": "20151022 Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/536737/100/100/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2016:1912",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "VU#718152",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "USN-2783-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2783-1"
},
{
"name": "SUSE-SU-2016:1247",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "77284",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77284"
},
{
"name": "https://support.citrix.com/article/CTX220112",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX220112"
},
{
"name": "1033951",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_4_2_8p4_Securit",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_4_2_8p4_Securit"
},
{
"name": "SUSE-SU-2016:1311",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "https://www.cs.bu.edu/~goldbe/NTPattack.html",
"refsource": "MISC",
"url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
},
{
"name": "SUSE-SU-2016:2094",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "https://eprint.iacr.org/2015/1020.pdf",
"refsource": "MISC",
"url": "https://eprint.iacr.org/2015/1020.pdf"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1274184",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274184"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug2901",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug2901"
},
{
"name": "openSUSE-SU-2016:1423",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"name": "http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "openSUSE-SU-2016:1329",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
},
{
"name": "20151021 Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp"
},
{
"name": "SUSE-SU-2016:1471",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa103",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa103"
},
{
"name": "SUSE-SU-2016:1291",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
},
{
"name": "SUSE-SU-2016:1568",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "openSUSE-SU-2015:2016",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html"
},
{
"name": "SUSE-SU-2016:1278",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
},
{
"name": "20151029 [slackware-security] ntp (SSA:2015-302-03)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536796/100/0/threaded"
},
{
"name": "20151029 [slackware-security] ntp (SSA:2015-302-03)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/536796/100/100/threaded"
},
{
"name": "20151022 Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536737/100/0/threaded"
},
{
"name": "20151022 Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/536737/100/100/threaded"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7705",
"datePublished": "2017-08-07T20:00:00",
"dateReserved": "2015-10-04T00:00:00",
"dateUpdated": "2024-08-06T07:58:59.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7429 (GCVE-0-2016-7429)
Vulnerability from cvelistv5
Published
2017-01-13 16:00
Modified
2024-08-06 01:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"name": "RHSA-2017:0252",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "VU#633847",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "1037354",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037354"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"name": "94453",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94453"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3072"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"name": "RHSA-2017:0252",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "VU#633847",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "1037354",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037354"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"name": "94453",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94453"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3072"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"name": "RHSA-2017:0252",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"name": "http://nwtime.org/ntp428p9_release/",
"refsource": "CONFIRM",
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "VU#633847",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "1037354",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037354"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa139",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"name": "94453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94453"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3072",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3072"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7429",
"datePublished": "2017-01-13T16:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2519 (GCVE-0-2016-2519)
Vulnerability from cvelistv5
Published
2017-01-30 21:00
Modified
2024-08-05 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:32:20.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3008"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "88204",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/88204"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-20T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3008"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "88204",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/88204"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3008",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3008"
},
{
"name": "VU#718152",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "1035705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "FreeBSD-SA-16:16",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "88204",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/88204"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2519",
"datePublished": "2017-01-30T21:00:00",
"dateReserved": "2016-02-20T00:00:00",
"dateUpdated": "2024-08-05T23:32:20.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5195 (GCVE-0-2015-5195)
Vulnerability from cvelistv5
Published
2017-07-21 14:00
Modified
2024-08-06 06:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:07.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1254544"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ntp-project/ntp/commit/52e977d79a0c4ace997e5c74af429844da2f27be"
},
{
"name": "USN-2783-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2783-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706"
},
{
"name": "RHSA-2016:2583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "FEDORA-2015-77bfbc1bcd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
},
{
"name": "RHSA-2016:0780",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "[oss-security] 20150825 Several low impact ntp.org ntpd issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/25/3"
},
{
"name": "76474",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76474"
},
{
"name": "FEDORA-2015-14212",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122"
},
{
"name": "FEDORA-2015-14213",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-17T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1254544"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ntp-project/ntp/commit/52e977d79a0c4ace997e5c74af429844da2f27be"
},
{
"name": "USN-2783-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2783-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706"
},
{
"name": "RHSA-2016:2583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "FEDORA-2015-77bfbc1bcd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
},
{
"name": "RHSA-2016:0780",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "[oss-security] 20150825 Several low impact ntp.org ntpd issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/25/3"
},
{
"name": "76474",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76474"
},
{
"name": "FEDORA-2015-14212",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122"
},
{
"name": "FEDORA-2015-14213",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5195",
"datePublished": "2017-07-21T14:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:07.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7975 (GCVE-0-2015-7975)
Vulnerability from cvelistv5
Published
2017-01-30 21:00
Modified
2024-08-06 08:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash).
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:31.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "SUSE-SU-2016:1177",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"name": "81959",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/81959"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "1034782",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "SUSE-SU-2016:1247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"name": "SUSE-SU-2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "SUSE-SU-2016:1175",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2937"
},
{
"name": "FreeBSD-SA-16:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-20T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "SUSE-SU-2016:1177",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"name": "81959",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/81959"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "1034782",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "SUSE-SU-2016:1247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"name": "SUSE-SU-2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "SUSE-SU-2016:1175",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2937"
},
{
"name": "FreeBSD-SA-16:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7975",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "USN-3096-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "SUSE-SU-2016:1177",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03766en_us"
},
{
"name": "81959",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/81959"
},
{
"name": "SUSE-SU-2016:1912",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "1034782",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "SUSE-SU-2016:1247",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03750en_us"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171031-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"name": "SUSE-SU-2016:1311",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "SUSE-SU-2016:2094",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "SUSE-SU-2016:1175",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug2937",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug2937"
},
{
"name": "FreeBSD-SA-16:09",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa113",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7975",
"datePublished": "2017-01-30T21:00:00",
"dateReserved": "2015-10-23T00:00:00",
"dateUpdated": "2024-08-06T08:06:31.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7977 (GCVE-0-2015-7977)
Vulnerability from cvelistv5
Published
2017-01-30 21:00
Modified
2024-08-06 08:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:31.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "SUSE-SU-2016:1177",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2939"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "1034782",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "SUSE-SU-2016:1247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "FEDORA-2016-8bb1932088",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html"
},
{
"name": "RHSA-2016:2583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"name": "81815",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/81815"
},
{
"name": "SUSE-SU-2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "RHSA-2016:0780",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security"
},
{
"name": "FEDORA-2016-34bc10a2c8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "SUSE-SU-2016:1175",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"name": "FreeBSD-SA-16:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-15T20:33:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "SUSE-SU-2016:1177",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2939"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "1034782",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "SUSE-SU-2016:1247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "FEDORA-2016-8bb1932088",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html"
},
{
"name": "RHSA-2016:2583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"name": "81815",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/81815"
},
{
"name": "SUSE-SU-2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "RHSA-2016:0780",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security"
},
{
"name": "FEDORA-2016-34bc10a2c8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "SUSE-SU-2016:1175",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"name": "FreeBSD-SA-16:09",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160120 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products - January 2016",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
},
{
"name": "USN-3096-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "SUSE-SU-2016:1177",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"name": "DSA-3629",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug2939",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug2939"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "SUSE-SU-2016:1912",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "1034782",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034782"
},
{
"name": "openSUSE-SU-2016:1292",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "VU#718152",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "SUSE-SU-2016:1247",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "FEDORA-2016-8bb1932088",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html"
},
{
"name": "RHSA-2016:2583",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171031-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171031-0001/"
},
{
"name": "81815",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/81815"
},
{
"name": "SUSE-SU-2016:1311",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "RHSA-2016:0780",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security"
},
{
"name": "FEDORA-2016-34bc10a2c8",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
},
{
"name": "SUSE-SU-2016:2094",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "SUSE-SU-2016:1175",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"name": "FreeBSD-SA-16:09",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa113",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "openSUSE-SU-2016:1423",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7977",
"datePublished": "2017-01-30T21:00:00",
"dateReserved": "2015-10-23T00:00:00",
"dateUpdated": "2024-08-06T08:06:31.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3563 (GCVE-0-2009-3563)
Vulnerability from cvelistv5
Published
2009-12-09 00:00
Modified
2024-08-07 06:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#568372",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/568372"
},
{
"name": "38832",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/38832"
},
{
"tags": [
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
},
{
"name": "oval:org.mitre.oval:def:11225",
"tags": [
"vdb-entry",
"signature",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225"
},
{
"tags": [
"x_transferred"
],
"url": "http://support.avaya.com/css/P8/documents/100071808"
},
{
"name": "38794",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/38794"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "FEDORA-2009-13121",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213"
},
{
"name": "38764",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/38764"
},
{
"tags": [
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-7X7V6J"
},
{
"name": "oval:org.mitre.oval:def:19376",
"tags": [
"vdb-entry",
"signature",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376"
},
{
"name": "37255",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37255"
},
{
"name": "SSRT101144",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
},
{
"name": "39593",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/39593"
},
{
"name": "IZ71047",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047"
},
{
"name": "ADV-2010-0993",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0993"
},
{
"name": "DSA-1948",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1948"
},
{
"tags": [
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074"
},
{
"tags": [
"x_transferred"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc"
},
{
"name": "HPSBUX02639",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2"
},
{
"name": "1021781",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1"
},
{
"name": "IZ68659",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659"
},
{
"name": "SSRT100293",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.ntp.org/bugs/show_bug.cgi?id=1331"
},
{
"name": "oval:org.mitre.oval:def:7076",
"tags": [
"vdb-entry",
"signature",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076"
},
{
"name": "37922",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/37922"
},
{
"name": "NetBSD-SA2010-005",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc"
},
{
"name": "38834",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/38834"
},
{
"name": "FEDORA-2009-13090",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://security-tracker.debian.org/tracker/CVE-2009-3563"
},
{
"name": "1023298",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023298"
},
{
"name": "oval:org.mitre.oval:def:12141",
"tags": [
"vdb-entry",
"signature",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141"
},
{
"name": "RHSA-2009:1651",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1651.html"
},
{
"name": "37629",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/37629"
},
{
"name": "RHSA-2010:0095",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
},
{
"name": "HPSBUX02859",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
},
{
"name": "[announce] 20091208 NTP 4.2.4p8 Released",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.ntp.org/pipermail/announce/2009-December/000086.html"
},
{
"name": "ADV-2010-0510",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0510"
},
{
"name": "RHSA-2009:1648",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1648.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/MAPG-7X7VD7"
},
{
"name": "ADV-2010-0528",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0528"
},
{
"name": "VU#417980",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/417980"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-19T21:06:04.060505",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#568372",
"tags": [
"third-party-advisory"
],
"url": "http://www.kb.cert.org/vuls/id/568372"
},
{
"name": "38832",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/38832"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673"
},
{
"name": "oval:org.mitre.oval:def:11225",
"tags": [
"vdb-entry",
"signature"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225"
},
{
"url": "http://support.avaya.com/css/P8/documents/100071808"
},
{
"name": "38794",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/38794"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"tags": [
"mailing-list"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "FEDORA-2009-13121",
"tags": [
"vendor-advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213"
},
{
"name": "38764",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/38764"
},
{
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode"
},
{
"url": "http://www.kb.cert.org/vuls/id/MAPG-7X7V6J"
},
{
"name": "oval:org.mitre.oval:def:19376",
"tags": [
"vdb-entry",
"signature"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376"
},
{
"name": "37255",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/37255"
},
{
"name": "SSRT101144",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
},
{
"name": "39593",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/39593"
},
{
"name": "IZ71047",
"tags": [
"vendor-advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047"
},
{
"name": "ADV-2010-0993",
"tags": [
"vdb-entry"
],
"url": "http://www.vupen.com/english/advisories/2010/0993"
},
{
"name": "DSA-1948",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2009/dsa-1948"
},
{
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074"
},
{
"url": "http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc"
},
{
"name": "HPSBUX02639",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2"
},
{
"name": "1021781",
"tags": [
"vendor-advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1"
},
{
"name": "IZ68659",
"tags": [
"vendor-advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659"
},
{
"name": "SSRT100293",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2"
},
{
"url": "https://support.ntp.org/bugs/show_bug.cgi?id=1331"
},
{
"name": "oval:org.mitre.oval:def:7076",
"tags": [
"vdb-entry",
"signature"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076"
},
{
"name": "37922",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/37922"
},
{
"name": "NetBSD-SA2010-005",
"tags": [
"vendor-advisory"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc"
},
{
"name": "38834",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/38834"
},
{
"name": "FEDORA-2009-13090",
"tags": [
"vendor-advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html"
},
{
"url": "http://security-tracker.debian.org/tracker/CVE-2009-3563"
},
{
"name": "1023298",
"tags": [
"vdb-entry"
],
"url": "http://securitytracker.com/id?1023298"
},
{
"name": "oval:org.mitre.oval:def:12141",
"tags": [
"vdb-entry",
"signature"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141"
},
{
"name": "RHSA-2009:1651",
"tags": [
"vendor-advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1651.html"
},
{
"name": "37629",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/37629"
},
{
"name": "RHSA-2010:0095",
"tags": [
"vendor-advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html"
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691"
},
{
"name": "HPSBUX02859",
"tags": [
"vendor-advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
},
{
"name": "[announce] 20091208 NTP 4.2.4p8 Released",
"tags": [
"mailing-list"
],
"url": "https://lists.ntp.org/pipermail/announce/2009-December/000086.html"
},
{
"name": "ADV-2010-0510",
"tags": [
"vdb-entry"
],
"url": "http://www.vupen.com/english/advisories/2010/0510"
},
{
"name": "RHSA-2009:1648",
"tags": [
"vendor-advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1648.html"
},
{
"url": "http://www.kb.cert.org/vuls/id/MAPG-7X7VD7"
},
{
"name": "ADV-2010-0528",
"tags": [
"vdb-entry"
],
"url": "http://www.vupen.com/english/advisories/2010/0528"
},
{
"name": "VU#417980",
"tags": [
"third-party-advisory"
],
"url": "https://www.kb.cert.org/vuls/id/417980"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3563",
"datePublished": "2009-12-09T00:00:00",
"dateReserved": "2009-10-05T00:00:00",
"dateUpdated": "2024-08-07T06:31:10.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1548 (GCVE-0-2016-1548)
Vulnerability from cvelistv5
Published
2017-01-06 21:00
Modified
2024-08-05 23:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- unspecified
Summary
An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | NTP Project | NTP |
Version: 4.2.8p4 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:11.744Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0082/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:1141",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "88264",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/88264"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "RHSA-2016:1552",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "openSUSE-SU-2016:1329",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "SUSE-SU-2016:1471",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0082"
},
{
"name": "FEDORA-2016-5b2eb0bf9c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"
},
{
"name": "SUSE-SU-2016:1291",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2016/dsa-3629"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1568",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1278",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
},
{
"name": "FEDORA-2016-ed8c6c0426",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NTP",
"vendor": "NTP Project",
"versions": [
{
"status": "affected",
"version": "4.2.8p4"
}
]
},
{
"product": "NTPSec",
"vendor": "NTPsec Project",
"versions": [
{
"status": "affected",
"version": "aa48d001683e5b791a743ec9c575aaf7d867a2b0c"
}
]
}
],
"datePublic": "2016-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer-\u003edst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T17:22:11",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0082/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:1141",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "88264",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/88264"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "RHSA-2016:1552",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "openSUSE-SU-2016:1329",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "SUSE-SU-2016:1471",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0082"
},
{
"name": "FEDORA-2016-5b2eb0bf9c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"
},
{
"name": "SUSE-SU-2016:1291",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2016/dsa-3629"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1568",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1278",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
},
{
"name": "FEDORA-2016-ed8c6c0426",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-1548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NTP",
"version": {
"version_data": [
{
"version_value": "4.2.8p4"
}
]
}
}
]
},
"vendor_name": "NTP Project"
},
{
"product": {
"product_data": [
{
"product_name": "NTPSec",
"version": {
"version_data": [
{
"version_value": "aa48d001683e5b791a743ec9c575aaf7d867a2b0c"
}
]
}
}
]
},
"vendor_name": "NTPsec Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer-\u003edst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3096-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "DSA-3629",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0082/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0082/"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:1141",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"name": "SUSE-SU-2016:1912",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "88264",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/88264"
},
{
"name": "VU#718152",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "RHSA-2016:1552",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"name": "1035705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"name": "FreeBSD-SA-16:16",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "SUSE-SU-2016:2094",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "openSUSE-SU-2016:1423",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "openSUSE-SU-2016:1329",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
},
{
"name": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "SUSE-SU-2016:1471",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0082",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0082"
},
{
"name": "FEDORA-2016-5b2eb0bf9c",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"
},
{
"name": "SUSE-SU-2016:1291",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
},
{
"name": "DSA-3629",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2016/dsa-3629"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1568",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1278",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
},
{
"name": "FEDORA-2016-ed8c6c0426",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-1548",
"datePublished": "2017-01-06T21:00:00",
"dateReserved": "2016-01-07T00:00:00",
"dateUpdated": "2024-08-05T23:02:11.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6462 (GCVE-0-2017-6462)
Vulnerability from cvelistv5
Published
2017-03-27 17:00
Modified
2024-08-05 15:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:33:20.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038123",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"name": "97045",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97045"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208144"
},
{
"name": "USN-3707-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3388"
},
{
"name": "FreeBSD-SA-17:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
},
{
"name": "RHSA-2017:3071",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3071"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"name": "RHSA-2018:0855",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0855"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-31T18:06:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1038123",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"name": "97045",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97045"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208144"
},
{
"name": "USN-3707-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3388"
},
{
"name": "FreeBSD-SA-17:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
},
{
"name": "RHSA-2017:3071",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3071"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"name": "RHSA-2018:0855",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0855"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038123",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038123"
},
{
"name": "97045",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97045"
},
{
"name": "https://support.apple.com/HT208144",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208144"
},
{
"name": "USN-3707-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3388",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3388"
},
{
"name": "FreeBSD-SA-17:03",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
},
{
"name": "RHSA-2017:3071",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3071"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"name": "RHSA-2018:0855",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0855"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6462",
"datePublished": "2017-03-27T17:00:00",
"dateReserved": "2017-03-03T00:00:00",
"dateUpdated": "2024-08-05T15:33:20.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7185 (GCVE-0-2018-7185)
Vulnerability from cvelistv5
Published
2018-03-06 20:00
Modified
2024-08-05 06:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:11.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "GLSA-201805-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201805-12"
},
{
"name": "FreeBSD-SA-18:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
},
{
"name": "USN-3707-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
},
{
"name": "103339",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103339"
},
{
"name": "20180301 [Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3454"
},
{
"name": "USN-3707-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3707-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the \"other side\" of an interleaved association causing the victim ntpd to reset its association."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-31T18:06:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "GLSA-201805-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201805-12"
},
{
"name": "FreeBSD-SA-18:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
},
{
"name": "USN-3707-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
},
{
"name": "103339",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103339"
},
{
"name": "20180301 [Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3454"
},
{
"name": "USN-3707-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3707-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the \"other side\" of an interleaved association causing the victim ntpd to reset its association."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "GLSA-201805-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201805-12"
},
{
"name": "FreeBSD-SA-18:02",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
},
{
"name": "USN-3707-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180626-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
},
{
"name": "103339",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103339"
},
{
"name": "20180301 [Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/541824/100/0/threaded"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3454",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3454"
},
{
"name": "USN-3707-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3707-1/"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_18_13",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7185",
"datePublished": "2018-03-06T20:00:00",
"dateReserved": "2018-02-16T00:00:00",
"dateUpdated": "2024-08-05T06:24:11.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1798 (GCVE-0-2015-1798)
Vulnerability from cvelistv5
Published
2015-04-08 10:00
Modified
2024-08-06 04:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.002Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1032032",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032032"
},
{
"name": "USN-2567-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2567-1"
},
{
"name": "VU#374268",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/374268"
},
{
"name": "SSRT102029",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143213867103400\u0026w=2"
},
{
"name": "FEDORA-2015-5761",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155864.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10114"
},
{
"name": "FEDORA-2015-5874",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155863.html"
},
{
"name": "APPLE-SA-2015-06-30-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"name": "openSUSE-SU-2015:0775",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00052.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "GLSA-201509-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201509-01"
},
{
"name": "20150408 Network Time Protocol Daemon MAC Checking Failure Authentication Bypass Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38276"
},
{
"name": "HPSBUX03333",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143213867103400\u0026w=2"
},
{
"name": "MDVSA-2015:202",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:202"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "73951",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73951"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT204942"
},
{
"name": "RHSA-2015:1459",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"name": "20150408 Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2779"
},
{
"name": "DSA-3223",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3223"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "1032032",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032032"
},
{
"name": "USN-2567-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2567-1"
},
{
"name": "VU#374268",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/374268"
},
{
"name": "SSRT102029",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143213867103400\u0026w=2"
},
{
"name": "FEDORA-2015-5761",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155864.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10114"
},
{
"name": "FEDORA-2015-5874",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155863.html"
},
{
"name": "APPLE-SA-2015-06-30-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"name": "openSUSE-SU-2015:0775",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00052.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "GLSA-201509-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201509-01"
},
{
"name": "20150408 Network Time Protocol Daemon MAC Checking Failure Authentication Bypass Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38276"
},
{
"name": "HPSBUX03333",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143213867103400\u0026w=2"
},
{
"name": "MDVSA-2015:202",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:202"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "73951",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73951"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT204942"
},
{
"name": "RHSA-2015:1459",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"name": "20150408 Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2779"
},
{
"name": "DSA-3223",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3223"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-1798",
"datePublished": "2015-04-08T10:00:00",
"dateReserved": "2015-02-17T00:00:00",
"dateUpdated": "2024-08-06T04:54:16.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7692 (GCVE-0-2015-7692)
Vulnerability from cvelistv5
Published
2017-08-07 20:00
Modified
2024-08-06 07:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274254"
},
{
"name": "77285",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77285"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2899"
},
{
"name": "RHSA-2016:2583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "RHSA-2016:0780",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-17T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274254"
},
{
"name": "77285",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77285"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2899"
},
{
"name": "RHSA-2016:2583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "RHSA-2016:0780",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1274254",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274254"
},
{
"name": "77285",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77285"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug2899",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug2899"
},
{
"name": "RHSA-2016:2583",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "1033951",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "RHSA-2016:0780",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"name": "DSA-3388",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7692",
"datePublished": "2017-08-07T20:00:00",
"dateReserved": "2015-10-04T00:00:00",
"dateUpdated": "2024-08-06T07:58:59.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26555 (GCVE-0-2023-26555)
Vulnerability from cvelistv5
Published
2023-04-11 00:00
Modified
2025-02-11 21:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:53.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26555"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506546409"
},
{
"name": "FEDORA-2023-611a143d5f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY2SVYH4MKPAXEYHCCXD3Z6VGINLSVHK/"
},
{
"name": "FEDORA-2023-c0762a0e57",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3VHEHHWCTYSB7HVJLYPVK4RPJZ5LX52/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-26555",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T21:02:31.010496Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T21:03:51.172Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-14T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26555"
},
{
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506546409"
},
{
"name": "FEDORA-2023-611a143d5f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY2SVYH4MKPAXEYHCCXD3Z6VGINLSVHK/"
},
{
"name": "FEDORA-2023-c0762a0e57",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3VHEHHWCTYSB7HVJLYPVK4RPJZ5LX52/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-26555",
"datePublished": "2023-04-11T00:00:00.000Z",
"dateReserved": "2023-02-25T00:00:00.000Z",
"dateUpdated": "2025-02-11T21:03:51.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2517 (GCVE-0-2016-2517)
Vulnerability from cvelistv5
Published
2017-01-30 21:00
Modified
2024-08-05 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:32:20.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3010"
},
{
"name": "88189",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/88189"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-20T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3010"
},
{
"name": "88189",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/88189"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3010",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3010"
},
{
"name": "88189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/88189"
},
{
"name": "VU#718152",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "1035705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "FreeBSD-SA-16:16",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2517",
"datePublished": "2017-01-30T21:00:00",
"dateReserved": "2016-02-20T00:00:00",
"dateUpdated": "2024-08-05T23:32:20.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7848 (GCVE-0-2015-7848)
Vulnerability from cvelistv5
Published
2017-01-06 21:00
Modified
2024-08-06 07:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:59:00.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "77275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77275"
},
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2015-0052/"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-09T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "77275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77275"
},
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2015-0052/"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "77275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77275"
},
{
"name": "1033951",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2015-0052/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2015-0052/"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7848",
"datePublished": "2017-01-06T21:00:00",
"dateReserved": "2015-10-16T00:00:00",
"dateUpdated": "2024-08-06T07:59:00.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5146 (GCVE-0-2015-5146)
Vulnerability from cvelistv5
Published
2017-08-24 20:00
Modified
2024-08-06 06:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:32.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238136"
},
{
"name": "75589",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75589"
},
{
"name": "GLSA-201509-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201509-01"
},
{
"name": "FEDORA-2015-77bfbc1bcd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
},
{
"name": "1034168",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034168"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2853"
},
{
"name": "FEDORA-2015-14212",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
},
{
"name": "FEDORA-2015-14213",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180731-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-01T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238136"
},
{
"name": "75589",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75589"
},
{
"name": "GLSA-201509-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201509-01"
},
{
"name": "FEDORA-2015-77bfbc1bcd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
},
{
"name": "1034168",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034168"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2853"
},
{
"name": "FEDORA-2015-14212",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
},
{
"name": "FEDORA-2015-14213",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180731-0003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1238136",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238136"
},
{
"name": "75589",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75589"
},
{
"name": "GLSA-201509-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201509-01"
},
{
"name": "FEDORA-2015-77bfbc1bcd",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
},
{
"name": "1034168",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034168"
},
{
"name": "DSA-3388",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "http://bugs.ntp.org/show_bug.cgi?id=2853",
"refsource": "CONFIRM",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2853"
},
{
"name": "FEDORA-2015-14212",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
},
{
"name": "FEDORA-2015-14213",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180731-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180731-0003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5146",
"datePublished": "2017-08-24T20:00:00",
"dateReserved": "2015-06-29T00:00:00",
"dateUpdated": "2024-08-06T06:32:32.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9750 (GCVE-0-2014-9750)
Vulnerability from cvelistv5
Published
2015-10-04 20:00
Modified
2024-08-06 13:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:55:04.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#852879",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne"
},
{
"name": "72583",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72583"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184573"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "RHSA-2015:1459",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2671"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03886en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-28T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#852879",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne"
},
{
"name": "72583",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72583"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184573"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "RHSA-2015:1459",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2671"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03886en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9750",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#852879",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne"
},
{
"name": "72583",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72583"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1184573",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184573"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "DSA-3388",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "RHSA-2015:1459",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"name": "http://bugs.ntp.org/show_bug.cgi?id=2671",
"refsource": "CONFIRM",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2671"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03886en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03886en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9750",
"datePublished": "2015-10-04T20:00:00",
"dateReserved": "2015-10-04T00:00:00",
"dateUpdated": "2024-08-06T13:55:04.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7854 (GCVE-0-2015-7854)
Vulnerability from cvelistv5
Published
2017-08-07 20:00
Modified
2024-08-06 08:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:30.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2921"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274263"
},
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "77277",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77277"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-09T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2921"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274263"
},
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "77277",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77277"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug2921",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug2921"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1274263",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274263"
},
{
"name": "1033951",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "77277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77277"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7854",
"datePublished": "2017-08-07T20:00:00",
"dateReserved": "2015-10-16T00:00:00",
"dateUpdated": "2024-08-06T08:06:30.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26552 (GCVE-0-2023-26552)
Vulnerability from cvelistv5
Published
2023-04-11 00:00
Modified
2025-02-11 15:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:54.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26552"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-26552",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T15:29:15.574202Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T15:30:15.235Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-13T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26552"
},
{
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-26552",
"datePublished": "2023-04-11T00:00:00.000Z",
"dateReserved": "2023-02-25T00:00:00.000Z",
"dateUpdated": "2025-02-11T15:30:15.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5300 (GCVE-0-2015-5300)
Vulnerability from cvelistv5
Published
2017-07-21 14:00
Modified
2024-08-06 06:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:09.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2015:1930",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1930.html"
},
{
"name": "SUSE-SU:2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "[slackware-security] 20160223 ntp (SSA:2016-054-04)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2016/Feb/164"
},
{
"name": "openSUSE-SU:2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "USN-2783-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2783-1"
},
{
"name": "SUSE-SU:2016:1177",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271076"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21980676"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX220112"
},
{
"name": "FEDORA-2015-77bfbc1bcd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428"
},
{
"name": "FEDORA-2015-f5f5ec7b6b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
},
{
"name": "SUSE-SU:2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "FEDORA-2016-34bc10a2c8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
},
{
"name": "1034670",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034670"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073"
},
{
"name": "77312",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77312"
},
{
"name": "SUSE-SU:2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "FreeBSD-SA-16:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21979393"
},
{
"name": "openSUSE-SU:2016:1292",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264"
},
{
"name": "SUSE-SU:2016:1247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983501"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2956"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983506"
},
{
"name": "SUSE-SU:2016:1175",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-09T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2015:1930",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1930.html"
},
{
"name": "SUSE-SU:2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "[slackware-security] 20160223 ntp (SSA:2016-054-04)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/bugtraq/2016/Feb/164"
},
{
"name": "openSUSE-SU:2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "USN-2783-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2783-1"
},
{
"name": "SUSE-SU:2016:1177",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271076"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21980676"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX220112"
},
{
"name": "FEDORA-2015-77bfbc1bcd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428"
},
{
"name": "FEDORA-2015-f5f5ec7b6b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
},
{
"name": "SUSE-SU:2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "FEDORA-2016-34bc10a2c8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
},
{
"name": "1034670",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034670"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073"
},
{
"name": "77312",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77312"
},
{
"name": "SUSE-SU:2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "FreeBSD-SA-16:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21979393"
},
{
"name": "openSUSE-SU:2016:1292",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264"
},
{
"name": "SUSE-SU:2016:1247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983501"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2956"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983506"
},
{
"name": "SUSE-SU:2016:1175",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1930",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1930.html"
},
{
"name": "SUSE-SU:2016:1912",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "[slackware-security] 20160223 ntp (SSA:2016-054-04)",
"refsource": "MLIST",
"url": "http://seclists.org/bugtraq/2016/Feb/164"
},
{
"name": "openSUSE-SU:2016:1423",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "USN-2783-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2783-1"
},
{
"name": "SUSE-SU:2016:1177",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-356-01"
},
{
"name": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p5_Securit"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1271076",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1271076"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=swg21980676",
"refsource": "CONFIRM",
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21980676"
},
{
"name": "https://support.citrix.com/article/CTX220112",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX220112"
},
{
"name": "FEDORA-2015-77bfbc1bcd",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
},
{
"name": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099428"
},
{
"name": "FEDORA-2015-f5f5ec7b6b",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170684.html"
},
{
"name": "DSA-3388",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/ntp_advisory5.asc"
},
{
"name": "https://www.cs.bu.edu/~goldbe/NTPattack.html",
"refsource": "MISC",
"url": "https://www.cs.bu.edu/~goldbe/NTPattack.html"
},
{
"name": "SUSE-SU:2016:2094",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "FEDORA-2016-34bc10a2c8",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html"
},
{
"name": "1034670",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034670"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073",
"refsource": "CONFIRM",
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024073"
},
{
"name": "77312",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77312"
},
{
"name": "SUSE-SU:2016:1311",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "FreeBSD-SA-16:02",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=swg21979393",
"refsource": "CONFIRM",
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21979393"
},
{
"name": "openSUSE-SU:2016:1292",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264",
"refsource": "CONFIRM",
"url": "https://www-01.ibm.com/support/docview.wss?uid=nas8N1021264"
},
{
"name": "SUSE-SU:2016:1247",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885",
"refsource": "CONFIRM",
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1023885"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa113",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa113"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=swg21983501",
"refsource": "CONFIRM",
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983501"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821",
"refsource": "CONFIRM",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ssg1S1005821"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug2956",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug2956"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=swg21983506",
"refsource": "CONFIRM",
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21983506"
},
{
"name": "SUSE-SU:2016:1175",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5300",
"datePublished": "2017-07-21T14:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:09.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9293 (GCVE-0-2014-9293)
Vulnerability from cvelistv5
Published
2014-12-20 02:00
Modified
2024-08-06 13:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:25.037Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141222 Multiple Vulnerabilities in ntpd Affecting Cisco Products",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd"
},
{
"name": "HPSBGN03277",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142590659431171\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10103"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0541.html"
},
{
"name": "VU#852879",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"name": "HPSBUX03240",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"name": "RHSA-2014:2025",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-2025.html"
},
{
"name": "62209",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62209"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2665"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "RHSA-2015:0104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0104.html"
},
{
"name": "HPSBOV03505",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
},
{
"name": "SSRT101872",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "HPSBPV03266",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142469153211996\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bk1.ntp.org/ntp-dev/ntpd/ntp_config.c?PAGE=diffs\u0026REV=4b6089c5KXhXqZqocF0DMXnQQsjOuw"
},
{
"name": "MDVSA-2015:003",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:003"
},
{
"name": "71757",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71757"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176032"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T16:14:59",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20141222 Multiple Vulnerabilities in ntpd Affecting Cisco Products",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd"
},
{
"name": "HPSBGN03277",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142590659431171\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10103"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0541.html"
},
{
"name": "VU#852879",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"name": "HPSBUX03240",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"name": "RHSA-2014:2025",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-2025.html"
},
{
"name": "62209",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62209"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2665"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "RHSA-2015:0104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0104.html"
},
{
"name": "HPSBOV03505",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
},
{
"name": "SSRT101872",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "HPSBPV03266",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142469153211996\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bk1.ntp.org/ntp-dev/ntpd/ntp_config.c?PAGE=diffs\u0026REV=4b6089c5KXhXqZqocF0DMXnQQsjOuw"
},
{
"name": "MDVSA-2015:003",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:003"
},
{
"name": "71757",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71757"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176032"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9293",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141222 Multiple Vulnerabilities in ntpd Affecting Cisco Products",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd"
},
{
"name": "HPSBGN03277",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=142590659431171\u0026w=2"
},
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10103",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10103"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0541.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0541.html"
},
{
"name": "VU#852879",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"name": "HPSBUX03240",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"name": "RHSA-2014:2025",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-2025.html"
},
{
"name": "62209",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62209"
},
{
"name": "http://bugs.ntp.org/show_bug.cgi?id=2665",
"refsource": "CONFIRM",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2665"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "RHSA-2015:0104",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0104.html"
},
{
"name": "HPSBOV03505",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
},
{
"name": "SSRT101872",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "HPSBPV03266",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=142469153211996\u0026w=2"
},
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783"
},
{
"name": "http://bk1.ntp.org/ntp-dev/ntpd/ntp_config.c?PAGE=diffs\u0026REV=4b6089c5KXhXqZqocF0DMXnQQsjOuw",
"refsource": "CONFIRM",
"url": "http://bk1.ntp.org/ntp-dev/ntpd/ntp_config.c?PAGE=diffs\u0026REV=4b6089c5KXhXqZqocF0DMXnQQsjOuw"
},
{
"name": "MDVSA-2015:003",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:003"
},
{
"name": "71757",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71757"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1176032",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176032"
},
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9293",
"datePublished": "2014-12-20T02:00:00",
"dateReserved": "2014-12-05T00:00:00",
"dateUpdated": "2024-08-06T13:40:25.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8956 (GCVE-0-2018-8956)
Vulnerability from cvelistv5
Published
2020-05-06 18:03
Modified
2024-08-05 07:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker's behalf and send them to the attacker.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ntp.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tools.ietf.org/html/rfc5905"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nikhiltripathi.in/NTP_attack.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://arxiv.org/abs/2005.01783"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200518-0006/"
},
{
"name": "openSUSE-SU-2020:0934",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"name": "openSUSE-SU-2020:1007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker\u0027s behalf and send them to the attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-19T14:06:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ntp.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tools.ietf.org/html/rfc5905"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nikhiltripathi.in/NTP_attack.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://arxiv.org/abs/2005.01783"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200518-0006/"
},
{
"name": "openSUSE-SU-2020:0934",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"name": "openSUSE-SU-2020:1007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker\u0027s behalf and send them to the attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ntp.org/",
"refsource": "MISC",
"url": "http://www.ntp.org/"
},
{
"name": "https://tools.ietf.org/html/rfc5905",
"refsource": "MISC",
"url": "https://tools.ietf.org/html/rfc5905"
},
{
"name": "https://nikhiltripathi.in/NTP_attack.pdf",
"refsource": "MISC",
"url": "https://nikhiltripathi.in/NTP_attack.pdf"
},
{
"name": "https://arxiv.org/abs/2005.01783",
"refsource": "MISC",
"url": "https://arxiv.org/abs/2005.01783"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200518-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200518-0006/"
},
{
"name": "openSUSE-SU-2020:0934",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"name": "openSUSE-SU-2020:1007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8956",
"datePublished": "2020-05-06T18:03:41",
"dateReserved": "2018-03-23T00:00:00",
"dateUpdated": "2024-08-05T07:10:47.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6464 (GCVE-0-2017-6464)
Vulnerability from cvelistv5
Published
2017-03-27 17:00
Modified
2024-08-05 15:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:33:20.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038123",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208144"
},
{
"name": "FreeBSD-SA-17:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
},
{
"name": "97050",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97050"
},
{
"name": "RHSA-2017:3071",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3071"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3389"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"name": "RHSA-2018:0855",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0855"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-31T18:06:26",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1038123",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208144"
},
{
"name": "FreeBSD-SA-17:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
},
{
"name": "97050",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97050"
},
{
"name": "RHSA-2017:3071",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3071"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3389"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"name": "RHSA-2018:0855",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0855"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6464",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038123",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038123"
},
{
"name": "https://support.apple.com/HT208144",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208144"
},
{
"name": "FreeBSD-SA-17:03",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
},
{
"name": "97050",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97050"
},
{
"name": "RHSA-2017:3071",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3071"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3389",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3389"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"name": "RHSA-2018:0855",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0855"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6464",
"datePublished": "2017-03-27T17:00:00",
"dateReserved": "2017-03-03T00:00:00",
"dateUpdated": "2024-08-05T15:33:20.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6463 (GCVE-0-2017-6463)
Vulnerability from cvelistv5
Published
2017-03-27 17:00
Modified
2024-08-05 15:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:33:18.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038123",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208144"
},
{
"name": "USN-3707-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"name": "FreeBSD-SA-17:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
},
{
"name": "97049",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97049"
},
{
"name": "RHSA-2017:3071",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3071"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3387"
},
{
"name": "RHSA-2018:0855",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0855"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-31T18:06:23",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1038123",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208144"
},
{
"name": "USN-3707-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"name": "FreeBSD-SA-17:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
},
{
"name": "97049",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97049"
},
{
"name": "RHSA-2017:3071",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3071"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3387"
},
{
"name": "RHSA-2018:0855",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0855"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038123",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038123"
},
{
"name": "https://support.apple.com/HT208144",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208144"
},
{
"name": "USN-3707-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"name": "FreeBSD-SA-17:03",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
},
{
"name": "97049",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97049"
},
{
"name": "RHSA-2017:3071",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3071"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3387",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3387"
},
{
"name": "RHSA-2018:0855",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0855"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6463",
"datePublished": "2017-03-27T17:00:00",
"dateReserved": "2017-03-03T00:00:00",
"dateUpdated": "2024-08-05T15:33:18.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7703 (GCVE-0-2015-7703)
Vulnerability from cvelistv5
Published
2017-07-24 14:00
Modified
2024-08-06 07:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:59:00.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:2583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "77278",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77278"
},
{
"name": "RHSA-2016:0780",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2902"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1254547"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The \"pidfile\" or \"driftfile\" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-17T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:2583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "77278",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77278"
},
{
"name": "RHSA-2016:0780",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2902"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1254547"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"pidfile\" or \"driftfile\" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:2583",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "1033951",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "77278",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77278"
},
{
"name": "RHSA-2016:0780",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug2902",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug2902"
},
{
"name": "DSA-3388",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1254547",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1254547"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7703",
"datePublished": "2017-07-24T14:00:00",
"dateReserved": "2015-10-04T00:00:00",
"dateUpdated": "2024-08-06T07:59:00.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9751 (GCVE-0-2014-9751)
Vulnerability from cvelistv5
Published
2015-10-04 20:00
Modified
2024-08-06 13:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:55:04.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#852879",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2672"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "72584",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72584"
},
{
"name": "RHSA-2015:1459",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03886en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184572"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine\u0027s network interface with a packet from the ::1 address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-28T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#852879",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2672"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "72584",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72584"
},
{
"name": "RHSA-2015:1459",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03886en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184572"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine\u0027s network interface with a packet from the ::1 address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#852879",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#December_2014_NTP_Security_Vulne"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "http://bugs.ntp.org/show_bug.cgi?id=2672",
"refsource": "CONFIRM",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2672"
},
{
"name": "DSA-3388",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "72584",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72584"
},
{
"name": "RHSA-2015:1459",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03886en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03886en_us"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1184572",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1184572"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9751",
"datePublished": "2015-10-04T20:00:00",
"dateReserved": "2015-10-04T00:00:00",
"dateUpdated": "2024-08-06T13:55:04.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26553 (GCVE-0-2023-26553)
Vulnerability from cvelistv5
Published
2023-04-11 00:00
Modified
2025-02-11 15:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:54.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26553"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-26553",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T15:25:53.481955Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T15:27:09.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-13T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26553"
},
{
"url": "https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-26553",
"datePublished": "2023-04-11T00:00:00.000Z",
"dateReserved": "2023-02-25T00:00:00.000Z",
"dateUpdated": "2025-02-11T15:27:09.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6458 (GCVE-0-2017-6458)
Vulnerability from cvelistv5
Published
2017-03-27 17:00
Modified
2024-08-05 15:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:33:19.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038123",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3379"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208144"
},
{
"name": "97051",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97051"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT208144"
},
{
"name": "USN-3349-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3349-1"
},
{
"name": "FEDORA-2017-72323a442f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZUPPICJXWL3AWQB7I3AWUC74YON7UING/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-294/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa147"
},
{
"name": "20171101 APPLE-SA-2017-10-31-8 Additional information for APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Nov/7"
},
{
"name": "FEDORA-2017-20d54b2782",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K99254031"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "20170925 APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/62"
},
{
"name": "20170422 [slackware-security] ntp (SSA:2017-112-02)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded"
},
{
"name": "FEDORA-2017-5ebac1c112",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4B7BMVXV53EE7XYW2KAVETDHTP452O3Z/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-12T16:41:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1038123",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3379"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208144"
},
{
"name": "97051",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97051"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT208144"
},
{
"name": "USN-3349-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3349-1"
},
{
"name": "FEDORA-2017-72323a442f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZUPPICJXWL3AWQB7I3AWUC74YON7UING/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-294/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa147"
},
{
"name": "20171101 APPLE-SA-2017-10-31-8 Additional information for APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Nov/7"
},
{
"name": "FEDORA-2017-20d54b2782",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K99254031"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "20170925 APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/62"
},
{
"name": "20170422 [slackware-security] ntp (SSA:2017-112-02)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded"
},
{
"name": "FEDORA-2017-5ebac1c112",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4B7BMVXV53EE7XYW2KAVETDHTP452O3Z/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038123",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038123"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3379",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3379"
},
{
"name": "https://support.apple.com/HT208144",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208144"
},
{
"name": "97051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97051"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"name": "https://support.apple.com/kb/HT208144",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT208144"
},
{
"name": "USN-3349-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3349-1"
},
{
"name": "FEDORA-2017-72323a442f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZUPPICJXWL3AWQB7I3AWUC74YON7UING/"
},
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-294/",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-294/"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa147",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa147"
},
{
"name": "20171101 APPLE-SA-2017-10-31-8 Additional information for APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Nov/7"
},
{
"name": "FEDORA-2017-20d54b2782",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/"
},
{
"name": "https://support.f5.com/csp/article/K99254031",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K99254031"
},
{
"name": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "20170925 APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Sep/62"
},
{
"name": "20170422 [slackware-security] ntp (SSA:2017-112-02)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded"
},
{
"name": "FEDORA-2017-5ebac1c112",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4B7BMVXV53EE7XYW2KAVETDHTP452O3Z/"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6458",
"datePublished": "2017-03-27T17:00:00",
"dateReserved": "2017-03-03T00:00:00",
"dateUpdated": "2024-08-05T15:33:19.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4955 (GCVE-0-2016-4955)
Vulnerability from cvelistv5
Published
2016-07-05 01:00
Modified
2024-08-06 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:39.886Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU-2016:1602",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
},
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "FEDORA-2016-c3bd6a3496",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
},
{
"name": "openSUSE-SU-2016:1583",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
},
{
"name": "FreeBSD-SA-16:24",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "FEDORA-2016-89e0874533",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
},
{
"name": "91007",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91007"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3043"
},
{
"name": "1036037",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036037"
},
{
"name": "SUSE-SU-2016:1584",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.ntp.org/3043"
},
{
"name": "VU#321640",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/321640"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "FEDORA-2016-50b0066b7f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
},
{
"name": "openSUSE-SU-2016:1636",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
},
{
"name": "SUSE-SU-2016:1563",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
},
{
"name": "SUSE-SU-2016:1568",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
},
{
"name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
},
{
"name": "VU#321640",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/321640"
},
{
"name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
},
{
"name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T12:00:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SU-2016:1602",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
},
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "FEDORA-2016-c3bd6a3496",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
},
{
"name": "openSUSE-SU-2016:1583",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
},
{
"name": "FreeBSD-SA-16:24",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "FEDORA-2016-89e0874533",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
},
{
"name": "91007",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91007"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3043"
},
{
"name": "1036037",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036037"
},
{
"name": "SUSE-SU-2016:1584",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.ntp.org/3043"
},
{
"name": "VU#321640",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/321640"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "FEDORA-2016-50b0066b7f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
},
{
"name": "openSUSE-SU-2016:1636",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
},
{
"name": "SUSE-SU-2016:1563",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
},
{
"name": "SUSE-SU-2016:1568",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
},
{
"name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
},
{
"name": "VU#321640",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/321640"
},
{
"name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
},
{
"name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2016:1602",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html"
},
{
"name": "USN-3096-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "FEDORA-2016-c3bd6a3496",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/"
},
{
"name": "openSUSE-SU-2016:1583",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html"
},
{
"name": "FreeBSD-SA-16:24",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc"
},
{
"name": "SUSE-SU-2016:1912",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "FEDORA-2016-89e0874533",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/"
},
{
"name": "91007",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91007"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3043",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3043"
},
{
"name": "1036037",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036037"
},
{
"name": "SUSE-SU-2016:1584",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "SUSE-SU-2016:2094",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "http://bugs.ntp.org/3043",
"refsource": "CONFIRM",
"url": "http://bugs.ntp.org/3043"
},
{
"name": "VU#321640",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/321640"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "FEDORA-2016-50b0066b7f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/"
},
{
"name": "openSUSE-SU-2016:1636",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html"
},
{
"name": "SUSE-SU-2016:1563",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137321/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "20160603 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
},
{
"name": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137322/FreeBSD-Security-Advisory-FreeBSD-SA-16-24.ntp.html"
},
{
"name": "SUSE-SU-2016:1568",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538599/100/0/threaded"
},
{
"name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538600/100/0/threaded"
},
{
"name": "VU#321640",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/321640"
},
{
"name": "20160604 [slackware-security] ntp (SSA:2016-155-01)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/538599/100/0/threaded"
},
{
"name": "20160604 FreeBSD Security Advisory FreeBSD-SA-16:24.ntp",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/538600/100/0/threaded"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4955",
"datePublished": "2016-07-05T01:00:00",
"dateReserved": "2016-05-23T00:00:00",
"dateUpdated": "2024-08-06T00:46:39.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7855 (GCVE-0-2015-7855)
Vulnerability from cvelistv5
Published
2017-08-07 20:00
Modified
2024-08-06 08:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:29.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "40840",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40840/"
},
{
"name": "77283",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77283"
},
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274264"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2922"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-15T20:37:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "40840",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40840/"
},
{
"name": "77283",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77283"
},
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274264"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2922"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40840",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40840/"
},
{
"name": "77283",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77283"
},
{
"name": "1033951",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "DSA-3388",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1274264",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274264"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug2922",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug2922"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7855",
"datePublished": "2017-08-07T20:00:00",
"dateReserved": "2015-10-16T00:00:00",
"dateUpdated": "2024-08-06T08:06:29.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7691 (GCVE-0-2015-7691)
Vulnerability from cvelistv5
Published
2017-08-07 20:00
Modified
2024-08-06 07:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274254"
},
{
"name": "77274",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77274"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2899"
},
{
"name": "RHSA-2016:2583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "RHSA-2016:0780",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-17T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274254"
},
{
"name": "77274",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77274"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2899"
},
{
"name": "RHSA-2016:2583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "RHSA-2016:0780",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1274254",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274254"
},
{
"name": "77274",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77274"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug2899",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug2899"
},
{
"name": "RHSA-2016:2583",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "1033951",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "RHSA-2016:0780",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"name": "DSA-3388",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7691",
"datePublished": "2017-08-07T20:00:00",
"dateReserved": "2015-10-04T00:00:00",
"dateUpdated": "2024-08-06T07:58:59.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9311 (GCVE-0-2016-9311)
Vulnerability from cvelistv5
Published
2017-01-13 16:00
Modified
2024-08-06 02:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:36.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"name": "94444",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94444"
},
{
"name": "USN-3707-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"name": "RHSA-2017:0252",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "VU#633847",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"name": "1037354",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037354"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us"
},
{
"name": "FreeBSD-SA-16:39",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03885en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3119"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-24T10:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"name": "94444",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94444"
},
{
"name": "USN-3707-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"name": "RHSA-2017:0252",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "VU#633847",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"name": "1037354",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037354"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us"
},
{
"name": "FreeBSD-SA-16:39",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03885en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3119"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"name": "94444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94444"
},
{
"name": "USN-3707-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"name": "RHSA-2017:0252",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"name": "http://nwtime.org/ntp428p9_release/",
"refsource": "CONFIRM",
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "VU#633847",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"name": "1037354",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037354"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa139",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03799en_us"
},
{
"name": "FreeBSD-SA-16:39",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03885en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03885en_us"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3119",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3119"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9311",
"datePublished": "2017-01-13T16:00:00",
"dateReserved": "2016-11-14T00:00:00",
"dateUpdated": "2024-08-06T02:50:36.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7433 (GCVE-0-2016-7433)
Vulnerability from cvelistv5
Published
2017-01-13 16:00
Modified
2024-08-06 01:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion."
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"name": "RHSA-2017:0252",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "VU#633847",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "1037354",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037354"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"name": "94455",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94455"
},
{
"name": "FreeBSD-SA-16:39",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3067"
},
{
"name": "20170310 [security bulletin] HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/540254/100/0/threaded"
},
{
"name": "20170310 [security bulletin] HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540254/100/0/threaded"
},
{
"name": "openSUSE-SU-2016:3280",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html"
},
{
"name": "USN-3349-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3349-1"
},
{
"name": "FEDORA-2016-e8a8561ee7",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PABKEYX6ABBFJZGMXKH57X756EJUDS3C/"
},
{
"name": "FEDORA-2016-7209ab4e02",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5E3XBBCK5IXOLDAH2E4M3QKIYIHUMMP/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-en"
},
{
"name": "FEDORA-2016-c198d15316",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMSYVQMMF37MANYEO7KBHOPSC74EKGN/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227/"
},
{
"name": "20161222 FreeBSD Security Advisory FreeBSD-SA-16:39.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/539955/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227"
},
{
"name": "20161222 FreeBSD Security Advisory FreeBSD-SA-16:39.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a \"root distance that did not include the peer dispersion.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T12:08:43",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"name": "RHSA-2017:0252",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "VU#633847",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "1037354",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037354"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"name": "94455",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94455"
},
{
"name": "FreeBSD-SA-16:39",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3067"
},
{
"name": "20170310 [security bulletin] HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/540254/100/0/threaded"
},
{
"name": "20170310 [security bulletin] HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540254/100/0/threaded"
},
{
"name": "openSUSE-SU-2016:3280",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html"
},
{
"name": "USN-3349-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3349-1"
},
{
"name": "FEDORA-2016-e8a8561ee7",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PABKEYX6ABBFJZGMXKH57X756EJUDS3C/"
},
{
"name": "FEDORA-2016-7209ab4e02",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5E3XBBCK5IXOLDAH2E4M3QKIYIHUMMP/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-en"
},
{
"name": "FEDORA-2016-c198d15316",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMSYVQMMF37MANYEO7KBHOPSC74EKGN/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227/"
},
{
"name": "20161222 FreeBSD Security Advisory FreeBSD-SA-16:39.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/539955/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227"
},
{
"name": "20161222 FreeBSD Security Advisory FreeBSD-SA-16:39.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7433",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a \"root distance that did not include the peer dispersion.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"name": "RHSA-2017:0252",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"name": "http://nwtime.org/ntp428p9_release/",
"refsource": "CONFIRM",
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "VU#633847",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "1037354",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037354"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa139",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"name": "94455",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94455"
},
{
"name": "FreeBSD-SA-16:39",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3067",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3067"
},
{
"name": "20170310 [security bulletin] HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/540254/100/0/threaded"
},
{
"name": "20170310 [security bulletin] HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/540254/100/0/threaded"
},
{
"name": "openSUSE-SU-2016:3280",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html"
},
{
"name": "USN-3349-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3349-1"
},
{
"name": "FEDORA-2016-e8a8561ee7",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PABKEYX6ABBFJZGMXKH57X756EJUDS3C/"
},
{
"name": "FEDORA-2016-7209ab4e02",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5E3XBBCK5IXOLDAH2E4M3QKIYIHUMMP/"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-en"
},
{
"name": "FEDORA-2016-c198d15316",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ILMSYVQMMF37MANYEO7KBHOPSC74EKGN/"
},
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227/",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227/"
},
{
"name": "20161222 FreeBSD Security Advisory FreeBSD-SA-16:39.ntp",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539955/100/0/threaded"
},
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227"
},
{
"name": "20161222 FreeBSD Security Advisory FreeBSD-SA-16:39.ntp",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threaded"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7433",
"datePublished": "2017-01-13T16:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6455 (GCVE-0-2017-6455)
Vulnerability from cvelistv5
Published
2017-03-27 17:00
Modified
2024-08-05 15:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:33:20.399Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038123",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208144"
},
{
"name": "97074",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97074"
},
{
"name": "1039427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3384"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-23T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1038123",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208144"
},
{
"name": "97074",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97074"
},
{
"name": "1039427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3384"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6455",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038123",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038123"
},
{
"name": "https://support.apple.com/HT208144",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208144"
},
{
"name": "97074",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97074"
},
{
"name": "1039427",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3384",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3384"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6455",
"datePublished": "2017-03-27T17:00:00",
"dateReserved": "2017-03-03T00:00:00",
"dateUpdated": "2024-08-05T15:33:20.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5194 (GCVE-0-2015-5194)
Vulnerability from cvelistv5
Published
2017-07-21 14:00
Modified
2024-08-06 06:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:08.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SU:2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=4c4fc141LwvcoGp-lLGhkAFp3ZvtrA"
},
{
"name": "76475",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76475"
},
{
"name": "USN-2783-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2783-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ntp-project/ntp/commit/553f2fa65865c31c5e3c48812cfd46176cffdd27"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706"
},
{
"name": "RHSA-2016:2583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "FEDORA-2015-77bfbc1bcd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
},
{
"name": "RHSA-2016:0780",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "[oss-security] 20150825 Several low impact ntp.org ntpd issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/25/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1254542"
},
{
"name": "SUSE-SU:2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "SUSE-SU:2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "FEDORA-2015-14212",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-17T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SUSE-SU:2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=isg3T1024157"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=4c4fc141LwvcoGp-lLGhkAFp3ZvtrA"
},
{
"name": "76475",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76475"
},
{
"name": "USN-2783-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2783-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ntp-project/ntp/commit/553f2fa65865c31c5e3c48812cfd46176cffdd27"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21986956"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21988706"
},
{
"name": "RHSA-2016:2583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2583.html"
},
{
"name": "FEDORA-2015-77bfbc1bcd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
},
{
"name": "RHSA-2016:0780",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0780.html"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "[oss-security] 20150825 Several low impact ntp.org ntpd issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/08/25/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1254542"
},
{
"name": "SUSE-SU:2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "SUSE-SU:2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "FEDORA-2015-14212",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21989542"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21985122"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5194",
"datePublished": "2017-07-21T14:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:08.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7853 (GCVE-0-2015-7853)
Vulnerability from cvelistv5
Published
2017-08-07 20:00
Modified
2024-08-06 07:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:59:00.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2920"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "USN-2783-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2783-1"
},
{
"name": "SUSE-SU-2016:1247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "SUSE-SU-2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274262"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "77273",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77273"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/134082/FreeBSD-Security-Advisory-ntp-Authentication-Bypass.html"
},
{
"name": "20151021 Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa103"
},
{
"name": "20151104 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp [REVISED]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536833/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintel.com/vulnerability-reports/"
},
{
"name": "openSUSE-SU-2015:2016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html"
},
{
"name": "20151104 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp [REVISED]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/536833/100/100/threaded"
},
{
"name": "20151026 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536760/100/0/threaded"
},
{
"name": "20151026 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/536760/100/100/threaded"
},
{
"name": "20151029 [slackware-security] ntp (SSA:2015-302-03)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536796/100/0/threaded"
},
{
"name": "20151029 [slackware-security] ntp (SSA:2015-302-03)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/536796/100/100/threaded"
},
{
"name": "20151022 Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536737/100/0/threaded"
},
{
"name": "20151022 Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/536737/100/100/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-16T12:08:50",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug2920"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "USN-2783-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2783-1"
},
{
"name": "SUSE-SU-2016:1247",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "1033951",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "SUSE-SU-2016:1311",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274262"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "77273",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77273"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/134082/FreeBSD-Security-Advisory-ntp-Authentication-Bypass.html"
},
{
"name": "20151021 Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa103"
},
{
"name": "20151104 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp [REVISED]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536833/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintel.com/vulnerability-reports/"
},
{
"name": "openSUSE-SU-2015:2016",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html"
},
{
"name": "20151104 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp [REVISED]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/536833/100/100/threaded"
},
{
"name": "20151026 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536760/100/0/threaded"
},
{
"name": "20151026 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/536760/100/100/threaded"
},
{
"name": "20151029 [slackware-security] ntp (SSA:2015-302-03)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536796/100/0/threaded"
},
{
"name": "20151029 [slackware-security] ntp (SSA:2015-302-03)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/536796/100/100/threaded"
},
{
"name": "20151022 Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536737/100/0/threaded"
},
{
"name": "20151022 Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/536737/100/100/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug2920",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug2920"
},
{
"name": "SUSE-SU-2016:1912",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "USN-2783-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2783-1"
},
{
"name": "SUSE-SU-2016:1247",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html"
},
{
"name": "1033951",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033951"
},
{
"name": "SUSE-SU-2016:1311",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1274262",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274262"
},
{
"name": "SUSE-SU-2016:2094",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "77273",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77273"
},
{
"name": "openSUSE-SU-2016:1423",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0001/"
},
{
"name": "http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "http://packetstormsecurity.com/files/134082/FreeBSD-Security-Advisory-ntp-Authentication-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134082/FreeBSD-Security-Advisory-ntp-Authentication-Bypass.html"
},
{
"name": "20151021 Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa103",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa103"
},
{
"name": "20151104 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp [REVISED]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536833/100/0/threaded"
},
{
"name": "http://www.talosintel.com/vulnerability-reports/",
"refsource": "MISC",
"url": "http://www.talosintel.com/vulnerability-reports/"
},
{
"name": "openSUSE-SU-2015:2016",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html"
},
{
"name": "20151104 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp [REVISED]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/536833/100/100/threaded"
},
{
"name": "20151026 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536760/100/0/threaded"
},
{
"name": "20151026 FreeBSD Security Advisory FreeBSD-SA-15:25.ntp",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/536760/100/100/threaded"
},
{
"name": "20151029 [slackware-security] ntp (SSA:2015-302-03)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536796/100/0/threaded"
},
{
"name": "20151029 [slackware-security] ntp (SSA:2015-302-03)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/536796/100/100/threaded"
},
{
"name": "20151022 Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536737/100/0/threaded"
},
{
"name": "20151022 Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/536737/100/100/threaded"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7853",
"datePublished": "2017-08-07T20:00:00",
"dateReserved": "2015-10-16T00:00:00",
"dateUpdated": "2024-08-06T07:59:00.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1550 (GCVE-0-2016-1550)
Vulnerability from cvelistv5
Published
2017-01-06 21:00
Modified
2024-08-05 23:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- unspecified
Summary
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | NTP Project | NTP |
Version: 4.2.8p3 Version: 4.2.8p4 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:11.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:1141",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "RHSA-2016:1552",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0084/"
},
{
"name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "88261",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/88261"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "openSUSE-SU-2016:1329",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "SUSE-SU-2016:1471",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
},
{
"name": "FEDORA-2016-5b2eb0bf9c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"
},
{
"name": "SUSE-SU-2016:1291",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0084"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1568",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1278",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
},
{
"name": "FEDORA-2016-ed8c6c0426",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NTP",
"vendor": "NTP Project",
"versions": [
{
"status": "affected",
"version": "4.2.8p3"
},
{
"status": "affected",
"version": "4.2.8p4"
}
]
},
{
"product": "NTPSec",
"vendor": "NTPsec Project",
"versions": [
{
"status": "affected",
"version": "a5fb34b9cc89b92a8fef2f459004865c93bb7f92"
}
]
}
],
"datePublic": "2016-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T17:25:28",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "USN-3096-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:1141",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"name": "SUSE-SU-2016:1912",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "VU#718152",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "RHSA-2016:1552",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0084/"
},
{
"name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "88261",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/88261"
},
{
"name": "SUSE-SU-2016:2094",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "openSUSE-SU-2016:1423",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "openSUSE-SU-2016:1329",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "SUSE-SU-2016:1471",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
},
{
"name": "FEDORA-2016-5b2eb0bf9c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"
},
{
"name": "SUSE-SU-2016:1291",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
},
{
"name": "DSA-3629",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2016/dsa-3629"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0084"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1568",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1278",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
},
{
"name": "FEDORA-2016-ed8c6c0426",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-1550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NTP",
"version": {
"version_data": [
{
"version_value": "4.2.8p3"
},
{
"version_value": "4.2.8p4"
}
]
}
}
]
},
"vendor_name": "NTP Project"
},
{
"product": {
"product_data": [
{
"product_name": "NTPSec",
"version": {
"version_data": [
{
"version_value": "a5fb34b9cc89b92a8fef2f459004865c93bb7f92"
}
]
}
}
]
},
"vendor_name": "NTPsec Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3096-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3096-1"
},
{
"name": "DSA-3629",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3629"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "RHSA-2016:1141",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1141"
},
{
"name": "SUSE-SU-2016:1912",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html"
},
{
"name": "VU#718152",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/718152"
},
{
"name": "RHSA-2016:1552",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1552.html"
},
{
"name": "1035705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0084/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0084/"
},
{
"name": "20160428 Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"name": "FreeBSD-SA-16:16",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "88261",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/88261"
},
{
"name": "SUSE-SU-2016:2094",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html"
},
{
"name": "openSUSE-SU-2016:1423",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "openSUSE-SU-2016:1329",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html"
},
{
"name": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "SUSE-SU-2016:1471",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html"
},
{
"name": "FEDORA-2016-5b2eb0bf9c",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html"
},
{
"name": "SUSE-SU-2016:1291",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html"
},
{
"name": "DSA-3629",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2016/dsa-3629"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0084",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0084"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538233/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1568",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html"
},
{
"name": "20160429 [slackware-security] ntp (SSA:2016-120-01)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded"
},
{
"name": "SUSE-SU-2016:1278",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html"
},
{
"name": "FEDORA-2016-ed8c6c0426",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
},
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-1550",
"datePublished": "2017-01-06T21:00:00",
"dateReserved": "2016-01-07T00:00:00",
"dateUpdated": "2024-08-05T23:02:11.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9294 (GCVE-0-2014-9294)
Vulnerability from cvelistv5
Published
2014-12-20 02:00
Modified
2024-08-06 13:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:24.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141222 Multiple Vulnerabilities in ntpd Affecting Cisco Products",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd"
},
{
"name": "HPSBGN03277",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142590659431171\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2666"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10103"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0541.html"
},
{
"name": "VU#852879",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"name": "HPSBUX03240",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"name": "RHSA-2014:2025",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-2025.html"
},
{
"name": "71762",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71762"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176035"
},
{
"name": "62209",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62209"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "RHSA-2015:0104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0104.html"
},
{
"name": "HPSBOV03505",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
},
{
"name": "SSRT101872",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bk1.ntp.org/ntp-dev/util/ntp-keygen.c?PAGE=diffs\u0026REV=4eae1b72298KRoBQmX-y8URCiRPH5g"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "HPSBPV03266",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142469153211996\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783"
},
{
"name": "MDVSA-2015:003",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:003"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T16:16:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20141222 Multiple Vulnerabilities in ntpd Affecting Cisco Products",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd"
},
{
"name": "HPSBGN03277",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142590659431171\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2666"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10103"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0541.html"
},
{
"name": "VU#852879",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"name": "HPSBUX03240",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"name": "RHSA-2014:2025",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-2025.html"
},
{
"name": "71762",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71762"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176035"
},
{
"name": "62209",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62209"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "RHSA-2015:0104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0104.html"
},
{
"name": "HPSBOV03505",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
},
{
"name": "SSRT101872",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bk1.ntp.org/ntp-dev/util/ntp-keygen.c?PAGE=diffs\u0026REV=4eae1b72298KRoBQmX-y8URCiRPH5g"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "HPSBPV03266",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142469153211996\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783"
},
{
"name": "MDVSA-2015:003",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:003"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141222 Multiple Vulnerabilities in ntpd Affecting Cisco Products",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd"
},
{
"name": "HPSBGN03277",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=142590659431171\u0026w=2"
},
{
"name": "http://bugs.ntp.org/show_bug.cgi?id=2666",
"refsource": "CONFIRM",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2666"
},
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10103",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10103"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0541.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0541.html"
},
{
"name": "VU#852879",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"name": "HPSBUX03240",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"name": "RHSA-2014:2025",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-2025.html"
},
{
"name": "71762",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71762"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1176035",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176035"
},
{
"name": "62209",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62209"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "RHSA-2015:0104",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0104.html"
},
{
"name": "HPSBOV03505",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
},
{
"name": "SSRT101872",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"name": "http://bk1.ntp.org/ntp-dev/util/ntp-keygen.c?PAGE=diffs\u0026REV=4eae1b72298KRoBQmX-y8URCiRPH5g",
"refsource": "CONFIRM",
"url": "http://bk1.ntp.org/ntp-dev/util/ntp-keygen.c?PAGE=diffs\u0026REV=4eae1b72298KRoBQmX-y8URCiRPH5g"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "HPSBPV03266",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=142469153211996\u0026w=2"
},
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783"
},
{
"name": "MDVSA-2015:003",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:003"
},
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9294",
"datePublished": "2014-12-20T02:00:00",
"dateReserved": "2014-12-05T00:00:00",
"dateUpdated": "2024-08-06T13:40:24.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9296 (GCVE-0-2014-9296)
Vulnerability from cvelistv5
Published
2014-12-20 02:00
Modified
2024-08-06 13:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:24.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141222 Multiple Vulnerabilities in ntpd Affecting Cisco Products",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd"
},
{
"name": "HPSBGN03277",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142590659431171\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10103"
},
{
"name": "71758",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71758"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0541.html"
},
{
"name": "VU#852879",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"name": "HPSBUX03240",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"name": "62209",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62209"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "RHSA-2015:0104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0104.html"
},
{
"name": "HPSBOV03505",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2670"
},
{
"name": "SSRT101872",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"name": "openSUSE-SU-2014:1670",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176040"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=548ad06feXHK1HlZoY-WZVyynwvwAg"
},
{
"name": "MDVSA-2015:003",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:003"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T16:19:23",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20141222 Multiple Vulnerabilities in ntpd Affecting Cisco Products",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd"
},
{
"name": "HPSBGN03277",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142590659431171\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10103"
},
{
"name": "71758",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71758"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0541.html"
},
{
"name": "VU#852879",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"name": "HPSBUX03240",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"name": "62209",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62209"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "RHSA-2015:0104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0104.html"
},
{
"name": "HPSBOV03505",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2670"
},
{
"name": "SSRT101872",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"name": "openSUSE-SU-2014:1670",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176040"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=548ad06feXHK1HlZoY-WZVyynwvwAg"
},
{
"name": "MDVSA-2015:003",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:003"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141222 Multiple Vulnerabilities in ntpd Affecting Cisco Products",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd"
},
{
"name": "HPSBGN03277",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=142590659431171\u0026w=2"
},
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10103",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10103"
},
{
"name": "71758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71758"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0541.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0541.html"
},
{
"name": "VU#852879",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"name": "HPSBUX03240",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"name": "62209",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62209"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "RHSA-2015:0104",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0104.html"
},
{
"name": "HPSBOV03505",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
},
{
"name": "http://bugs.ntp.org/show_bug.cgi?id=2670",
"refsource": "CONFIRM",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2670"
},
{
"name": "SSRT101872",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"name": "openSUSE-SU-2014:1670",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1176040",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176040"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=548ad06feXHK1HlZoY-WZVyynwvwAg",
"refsource": "CONFIRM",
"url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=548ad06feXHK1HlZoY-WZVyynwvwAg"
},
{
"name": "MDVSA-2015:003",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:003"
},
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9296",
"datePublished": "2014-12-20T02:00:00",
"dateReserved": "2014-12-05T00:00:00",
"dateUpdated": "2024-08-06T13:40:24.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13817 (GCVE-0-2020-13817)
Vulnerability from cvelistv5
Published
2020-06-04 12:31
Modified
2025-05-05 17:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2020:0934",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"name": "openSUSE-SU-2020:1007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
},
{
"name": "GLSA-202007-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-12"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3596"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.ntp.org/show_bug.cgi?id=3596"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200625-0004/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-13817",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:13:39.175323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330 Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T17:07:58.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim\u0027s ntpd instance."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-07T14:40:21.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2020:0934",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"name": "openSUSE-SU-2020:1007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
},
{
"name": "GLSA-202007-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-12"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3596"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.ntp.org/show_bug.cgi?id=3596"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200625-0004/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim\u0027s ntpd instance."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2020:0934",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"name": "openSUSE-SU-2020:1007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
},
{
"name": "GLSA-202007-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-12"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3596",
"refsource": "MISC",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3596"
},
{
"name": "https://bugs.ntp.org/show_bug.cgi?id=3596",
"refsource": "MISC",
"url": "https://bugs.ntp.org/show_bug.cgi?id=3596"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200625-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200625-0004/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13817",
"datePublished": "2020-06-04T12:31:55.000Z",
"dateReserved": "2020-06-04T00:00:00.000Z",
"dateUpdated": "2025-05-05T17:07:58.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3405 (GCVE-0-2015-3405)
Vulnerability from cvelistv5
Published
2017-08-09 16:00
Modified
2024-08-06 05:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:57.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2015-5830",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156248.html"
},
{
"name": "RHSA-2015:2231",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2231.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1210324"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "SUSE-SU-2015:1173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00000.html"
},
{
"name": "74045",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74045"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.ntp.org/show_bug.cgi?id=2797"
},
{
"name": "RHSA-2015:1459",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03886en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bk1.ntp.org/ntp-stable/?PAGE=patch\u0026REV=55199296N2gFqH1Hm5GOnhrk9Ypygg"
},
{
"name": "DSA-3223",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3223"
},
{
"name": "[oss-security] 20150423 Re: CVE request: ntp-keygen may generate non-random symmetric keys on big-endian systems",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/23/14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-28T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2015-5830",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156248.html"
},
{
"name": "RHSA-2015:2231",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2231.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1210324"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "SUSE-SU-2015:1173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00000.html"
},
{
"name": "74045",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74045"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.ntp.org/show_bug.cgi?id=2797"
},
{
"name": "RHSA-2015:1459",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03886en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bk1.ntp.org/ntp-stable/?PAGE=patch\u0026REV=55199296N2gFqH1Hm5GOnhrk9Ypygg"
},
{
"name": "DSA-3223",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3223"
},
{
"name": "[oss-security] 20150423 Re: CVE request: ntp-keygen may generate non-random symmetric keys on big-endian systems",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/23/14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3405",
"datePublished": "2017-08-09T16:00:00",
"dateReserved": "2015-04-23T00:00:00",
"dateUpdated": "2024-08-06T05:47:57.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7428 (GCVE-0-2016-7428)
Vulnerability from cvelistv5
Published
2017-01-13 16:00
Modified
2024-08-06 01:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"name": "USN-3707-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3113"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03883en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "94446",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94446"
},
{
"name": "VU#633847",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03899en_us"
},
{
"name": "1037354",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037354"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"name": "FreeBSD-SA-16:39",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-24T10:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"name": "USN-3707-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3113"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03883en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "94446",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94446"
},
{
"name": "VU#633847",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03899en_us"
},
{
"name": "1037354",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037354"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"name": "FreeBSD-SA-16:39",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"name": "USN-3707-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3113",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3113"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03883en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03883en_us"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"name": "http://nwtime.org/ntp428p9_release/",
"refsource": "CONFIRM",
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "94446",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94446"
},
{
"name": "VU#633847",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03899en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03899en_us"
},
{
"name": "1037354",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037354"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa139",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"name": "FreeBSD-SA-16:39",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7428",
"datePublished": "2017-01-13T16:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7426 (GCVE-0-2016-7426)
Vulnerability from cvelistv5
Published
2017-01-13 16:00
Modified
2024-08-06 01:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"name": "USN-3707-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"name": "RHSA-2017:0252",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "VU#633847",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"name": "1037354",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037354"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3071"
},
{
"name": "FreeBSD-SA-16:39",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"name": "94451",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94451"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-24T10:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"name": "USN-3707-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"name": "RHSA-2017:0252",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "VU#633847",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"name": "1037354",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037354"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3071"
},
{
"name": "FreeBSD-SA-16:39",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"name": "94451",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94451"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03706en_us"
},
{
"name": "USN-3707-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"name": "RHSA-2017:0252",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0252.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"name": "http://nwtime.org/ntp428p9_release/",
"refsource": "CONFIRM",
"url": "http://nwtime.org/ntp428p9_release/"
},
{
"name": "VU#633847",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/633847"
},
{
"name": "1037354",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037354"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa139",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa139"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3071",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3071"
},
{
"name": "FreeBSD-SA-16:39",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc"
},
{
"name": "94451",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94451"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7426",
"datePublished": "2017-01-13T16:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1549 (GCVE-0-2016-1549)
Vulnerability from cvelistv5
Published
2017-01-06 21:00
Modified
2024-08-05 23:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- unspecified
Summary
A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | NTP Project | NTP |
Version: 4.2.8p3 Version: 4.2.8p4 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:12.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0083/"
},
{
"name": "88200",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/88200"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NTP",
"vendor": "NTP Project",
"versions": [
{
"status": "affected",
"version": "4.2.8p3"
},
{
"status": "affected",
"version": "4.2.8p4"
}
]
},
{
"product": "NTPSec",
"vendor": "NTPsec Project",
"versions": [
{
"status": "affected",
"version": "3e160db8dc248a0bcb053b56a80167dc742d2b74"
},
{
"status": "affected",
"version": "a5fb34b9cc89b92a8fef2f459004865c93bb7f92"
}
]
}
],
"datePublic": "2016-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim\u0027s clock."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-31T18:06:28",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0083/"
},
{
"name": "88200",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/88200"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-1549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NTP",
"version": {
"version_data": [
{
"version_value": "4.2.8p3"
},
{
"version_value": "4.2.8p4"
}
]
}
}
]
},
"vendor_name": "NTP Project"
},
{
"product": {
"product_data": [
{
"product_name": "NTPSec",
"version": {
"version_data": [
{
"version_value": "3e160db8dc248a0bcb053b56a80167dc742d2b74"
},
{
"version_value": "a5fb34b9cc89b92a8fef2f459004865c93bb7f92"
}
]
}
}
]
},
"vendor_name": "NTPsec Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim\u0027s clock."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0083/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0083/"
},
{
"name": "88200",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/88200"
},
{
"name": "1035705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "FreeBSD-SA-16:16",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_18_13",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-1549",
"datePublished": "2017-01-06T21:00:00",
"dateReserved": "2016-01-07T00:00:00",
"dateUpdated": "2024-08-05T23:02:12.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5209 (GCVE-0-2014-5209)
Vulnerability from cvelistv5
Published
2020-01-08 00:29
Modified
2024-08-06 11:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
Summary
An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:47.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K44942017"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K44942017?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K44942017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NTP",
"vendor": "NTP",
"versions": [
{
"status": "affected",
"version": "4.2.7p25"
}
]
}
],
"datePublic": "2014-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-08T00:31:11",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K44942017"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K44942017?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.f5.com/csp/article/K44942017"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NTP",
"version": {
"version_data": [
{
"version_value": "4.2.7p25"
}
]
}
}
]
},
"vendor_name": "NTP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K44942017",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K44942017"
},
{
"name": "https://support.f5.com/csp/article/K44942017?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K44942017?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841"
},
{
"name": "https://support.f5.com/csp/article/K44942017",
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K44942017"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-5209",
"datePublished": "2020-01-08T00:29:42",
"dateReserved": "2014-08-13T00:00:00",
"dateUpdated": "2024-08-06T11:41:47.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9295 (GCVE-0-2014-9295)
Vulnerability from cvelistv5
Published
2014-12-20 02:00
Modified
2024-08-06 13:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:24.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141222 Multiple Vulnerabilities in ntpd Affecting Cisco Products",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd"
},
{
"name": "71761",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71761"
},
{
"name": "HPSBGN03277",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142590659431171\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2667"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10103"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0541.html"
},
{
"name": "VU#852879",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"name": "HPSBUX03240",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"name": "RHSA-2014:2025",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-2025.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176037"
},
{
"name": "62209",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62209"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "RHSA-2015:0104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0104.html"
},
{
"name": "HPSBOV03505",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=548acc4dN1TbM1tRJrbPcA4yc1aTdA"
},
{
"name": "SSRT101872",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2668"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=548acdf3tUSFizXcv_X4b77Jt_Y-cg"
},
{
"name": "openSUSE-SU-2014:1670",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=548acf55dxKfhb6MuYQwzu8eDlS97g"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "HPSBPV03266",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142469153211996\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-417665.htm"
},
{
"name": "MDVSA-2015:003",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:003"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2669"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-05T16:18:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20141222 Multiple Vulnerabilities in ntpd Affecting Cisco Products",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd"
},
{
"name": "71761",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71761"
},
{
"name": "HPSBGN03277",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142590659431171\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2667"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10103"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0541.html"
},
{
"name": "VU#852879",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"name": "HPSBUX03240",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"name": "RHSA-2014:2025",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-2025.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176037"
},
{
"name": "62209",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62209"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "RHSA-2015:0104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0104.html"
},
{
"name": "HPSBOV03505",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=548acc4dN1TbM1tRJrbPcA4yc1aTdA"
},
{
"name": "SSRT101872",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2668"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=548acdf3tUSFizXcv_X4b77Jt_Y-cg"
},
{
"name": "openSUSE-SU-2014:1670",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=548acf55dxKfhb6MuYQwzu8eDlS97g"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "HPSBPV03266",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142469153211996\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-417665.htm"
},
{
"name": "MDVSA-2015:003",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:003"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=2669"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141222 Multiple Vulnerabilities in ntpd Affecting Cisco Products",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd"
},
{
"name": "71761",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71761"
},
{
"name": "HPSBGN03277",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=142590659431171\u0026w=2"
},
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04790232"
},
{
"name": "http://bugs.ntp.org/show_bug.cgi?id=2667",
"refsource": "CONFIRM",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2667"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10103",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10103"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0541.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0541.html"
},
{
"name": "VU#852879",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/852879"
},
{
"name": "HPSBUX03240",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"name": "RHSA-2014:2025",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-2025.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1176037",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176037"
},
{
"name": "62209",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62209"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "RHSA-2015:0104",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0104.html"
},
{
"name": "HPSBOV03505",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=144182594518755\u0026w=2"
},
{
"name": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=548acc4dN1TbM1tRJrbPcA4yc1aTdA",
"refsource": "CONFIRM",
"url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=548acc4dN1TbM1tRJrbPcA4yc1aTdA"
},
{
"name": "SSRT101872",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=142853370924302\u0026w=2"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"name": "http://bugs.ntp.org/show_bug.cgi?id=2668",
"refsource": "CONFIRM",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2668"
},
{
"name": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=548acdf3tUSFizXcv_X4b77Jt_Y-cg",
"refsource": "CONFIRM",
"url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=548acdf3tUSFizXcv_X4b77Jt_Y-cg"
},
{
"name": "openSUSE-SU-2014:1670",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00020.html"
},
{
"name": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=548acf55dxKfhb6MuYQwzu8eDlS97g",
"refsource": "CONFIRM",
"url": "http://bk1.ntp.org/ntp-dev/?PAGE=patch\u0026REV=548acf55dxKfhb6MuYQwzu8eDlS97g"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "HPSBPV03266",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=142469153211996\u0026w=2"
},
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783"
},
{
"name": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-417665.htm",
"refsource": "CONFIRM",
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-417665.htm"
},
{
"name": "MDVSA-2015:003",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:003"
},
{
"name": "http://bugs.ntp.org/show_bug.cgi?id=2669",
"refsource": "CONFIRM",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2669"
},
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1047-security-advisory-8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9295",
"datePublished": "2014-12-20T02:00:00",
"dateReserved": "2014-12-05T00:00:00",
"dateUpdated": "2024-08-06T13:40:24.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0159 (GCVE-0-2009-0159)
Vulnerability from cvelistv5
Published
2009-04-14 15:00
Modified
2024-08-07 04:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:18.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-777-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/777-1/"
},
{
"name": "oval:org.mitre.oval:def:9634",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9634"
},
{
"name": "35137",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35137"
},
{
"name": "34608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34608"
},
{
"name": "35166",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35166"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490617"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3549"
},
{
"name": "37471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37471"
},
{
"name": "DSA-1801",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1801"
},
{
"name": "FEDORA-2009-5275",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html"
},
{
"name": "35308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35308"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.pardus.org.tr/show_bug.cgi?id=9532"
},
{
"name": "35253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35253"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "35074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35074"
},
{
"name": "34481",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34481"
},
{
"name": "35138",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35138"
},
{
"name": "APPLE-SA-2009-05-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "oval:org.mitre.oval:def:8386",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8386"
},
{
"name": "SSA:2009-154-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.566238"
},
{
"name": "SSRT101144",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
},
{
"name": "FEDORA-2009-5273",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html"
},
{
"name": "SUSE-SR:2009:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "oval:org.mitre.oval:def:19392",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19392"
},
{
"name": "35630",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35630"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "ntp-cookedprint-bo(49838)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49838"
},
{
"name": "53593",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53593"
},
{
"name": "1022033",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022033"
},
{
"name": "oval:org.mitre.oval:def:8665",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8665"
},
{
"name": "TA09-133A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name": "RHSA-2009:1651",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1651.html"
},
{
"name": "ADV-2009-1297",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "oval:org.mitre.oval:def:5411",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5411"
},
{
"name": "RHSA-2009:1040",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1040.html"
},
{
"name": "MDVSA-2009:092",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:092"
},
{
"name": "35416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35416"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ntp.org/bugs/show_bug.cgi?id=1144"
},
{
"name": "HPSBUX02859",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
},
{
"name": "35336",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35336"
},
{
"name": "NetBSD-SA2009-006",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc"
},
{
"name": "RHSA-2009:1039",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1039.html"
},
{
"name": "35169",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35169"
},
{
"name": "GLSA-200905-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml"
},
{
"name": "ADV-2009-0999",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0999"
},
{
"name": "ADV-2009-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ntp.bkbits.net:8080/ntp-stable/?PAGE=gnupatch\u0026REV=1.1565"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-777-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/777-1/"
},
{
"name": "oval:org.mitre.oval:def:9634",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9634"
},
{
"name": "35137",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35137"
},
{
"name": "34608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34608"
},
{
"name": "35166",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35166"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490617"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3549"
},
{
"name": "37471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37471"
},
{
"name": "DSA-1801",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1801"
},
{
"name": "FEDORA-2009-5275",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html"
},
{
"name": "35308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35308"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.pardus.org.tr/show_bug.cgi?id=9532"
},
{
"name": "35253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35253"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "35074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35074"
},
{
"name": "34481",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34481"
},
{
"name": "35138",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35138"
},
{
"name": "APPLE-SA-2009-05-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "oval:org.mitre.oval:def:8386",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8386"
},
{
"name": "SSA:2009-154-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.566238"
},
{
"name": "SSRT101144",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
},
{
"name": "FEDORA-2009-5273",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html"
},
{
"name": "SUSE-SR:2009:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "oval:org.mitre.oval:def:19392",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19392"
},
{
"name": "35630",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35630"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "ntp-cookedprint-bo(49838)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49838"
},
{
"name": "53593",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53593"
},
{
"name": "1022033",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022033"
},
{
"name": "oval:org.mitre.oval:def:8665",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8665"
},
{
"name": "TA09-133A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name": "RHSA-2009:1651",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2009-1651.html"
},
{
"name": "ADV-2009-1297",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "oval:org.mitre.oval:def:5411",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5411"
},
{
"name": "RHSA-2009:1040",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1040.html"
},
{
"name": "MDVSA-2009:092",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:092"
},
{
"name": "35416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35416"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ntp.org/bugs/show_bug.cgi?id=1144"
},
{
"name": "HPSBUX02859",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
},
{
"name": "35336",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35336"
},
{
"name": "NetBSD-SA2009-006",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc"
},
{
"name": "RHSA-2009:1039",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1039.html"
},
{
"name": "35169",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35169"
},
{
"name": "GLSA-200905-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml"
},
{
"name": "ADV-2009-0999",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0999"
},
{
"name": "ADV-2009-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ntp.bkbits.net:8080/ntp-stable/?PAGE=gnupatch\u0026REV=1.1565"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-777-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/777-1/"
},
{
"name": "oval:org.mitre.oval:def:9634",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9634"
},
{
"name": "35137",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35137"
},
{
"name": "34608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34608"
},
{
"name": "35166",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35166"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=490617",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490617"
},
{
"name": "http://support.apple.com/kb/HT3549",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3549"
},
{
"name": "37471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37471"
},
{
"name": "DSA-1801",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1801"
},
{
"name": "FEDORA-2009-5275",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html"
},
{
"name": "35308",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35308"
},
{
"name": "http://bugs.pardus.org.tr/show_bug.cgi?id=9532",
"refsource": "CONFIRM",
"url": "http://bugs.pardus.org.tr/show_bug.cgi?id=9532"
},
{
"name": "35253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35253"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "35074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35074"
},
{
"name": "34481",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34481"
},
{
"name": "35138",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35138"
},
{
"name": "APPLE-SA-2009-05-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "oval:org.mitre.oval:def:8386",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8386"
},
{
"name": "SSA:2009-154-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.566238"
},
{
"name": "SSRT101144",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
},
{
"name": "FEDORA-2009-5273",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html"
},
{
"name": "SUSE-SR:2009:011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "oval:org.mitre.oval:def:19392",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19392"
},
{
"name": "35630",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35630"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "ntp-cookedprint-bo(49838)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49838"
},
{
"name": "53593",
"refsource": "OSVDB",
"url": "http://osvdb.org/53593"
},
{
"name": "1022033",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022033"
},
{
"name": "oval:org.mitre.oval:def:8665",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8665"
},
{
"name": "TA09-133A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name": "RHSA-2009:1651",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1651.html"
},
{
"name": "ADV-2009-1297",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "oval:org.mitre.oval:def:5411",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5411"
},
{
"name": "RHSA-2009:1040",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1040.html"
},
{
"name": "MDVSA-2009:092",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:092"
},
{
"name": "35416",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35416"
},
{
"name": "https://support.ntp.org/bugs/show_bug.cgi?id=1144",
"refsource": "CONFIRM",
"url": "https://support.ntp.org/bugs/show_bug.cgi?id=1144"
},
{
"name": "HPSBUX02859",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2"
},
{
"name": "35336",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35336"
},
{
"name": "NetBSD-SA2009-006",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc"
},
{
"name": "RHSA-2009:1039",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1039.html"
},
{
"name": "35169",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35169"
},
{
"name": "GLSA-200905-08",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml"
},
{
"name": "ADV-2009-0999",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0999"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "http://ntp.bkbits.net:8080/ntp-stable/?PAGE=gnupatch\u0026REV=1.1565",
"refsource": "CONFIRM",
"url": "http://ntp.bkbits.net:8080/ntp-stable/?PAGE=gnupatch\u0026REV=1.1565"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0159",
"datePublished": "2009-04-14T15:00:00",
"dateReserved": "2009-01-16T00:00:00",
"dateUpdated": "2024-08-07T04:24:18.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1551 (GCVE-0-2016-1551)
Vulnerability from cvelistv5
Published
2017-01-27 17:00
Modified
2024-08-05 23:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- unspecified
Summary
ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock's peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | NTP Project | NTP |
Version: 4.2.8p3 Version: 4.2.8p4 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:12.002Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "88219",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/88219"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0132/"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-15"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NTP",
"vendor": "NTP Project",
"versions": [
{
"status": "affected",
"version": "4.2.8p3"
},
{
"status": "affected",
"version": "4.2.8p4"
}
]
},
{
"product": "NTPSec",
"vendor": "NTPsec Project",
"versions": [
{
"status": "affected",
"version": "3e160db8dc248a0bcb053b56a80167dc742d2b74"
},
{
"status": "affected",
"version": "a5fb34b9cc89b92a8fef2f459004865c93bb7f92"
}
]
}
],
"datePublic": "2016-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock\u0027s peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unspecified",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-20T15:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "88219",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/88219"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0132/"
},
{
"name": "1035705",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "FreeBSD-SA-16:16",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "GLSA-201607-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-15"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-1551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NTP",
"version": {
"version_data": [
{
"version_value": "4.2.8p3"
},
{
"version_value": "4.2.8p4"
}
]
}
}
]
},
"vendor_name": "NTP Project"
},
{
"product": {
"product_data": [
{
"product_name": "NTPSec",
"version": {
"version_data": [
{
"version_value": "3e160db8dc248a0bcb053b56a80167dc742d2b74"
},
{
"version_value": "a5fb34b9cc89b92a8fef2f459004865c93bb7f92"
}
]
}
}
]
},
"vendor_name": "NTPsec Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock\u0027s peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "88219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/88219"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0132/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0132/"
},
{
"name": "1035705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035705"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171004-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171004-0002/"
},
{
"name": "FreeBSD-SA-16:16",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc"
},
{
"name": "GLSA-201607-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-15"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-1551",
"datePublished": "2017-01-27T17:00:00",
"dateReserved": "2016-01-07T00:00:00",
"dateUpdated": "2024-08-05T23:02:12.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1252 (GCVE-0-2009-1252)
Vulnerability from cvelistv5
Published
2009-05-19 19:00
Modified
2024-08-07 05:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:04:49.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-777-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/777-1/"
},
{
"name": "35137",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35137"
},
{
"name": "35166",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35166"
},
{
"name": "37470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37470"
},
{
"name": "35388",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35388"
},
{
"name": "35243",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35243"
},
{
"name": "37471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37471"
},
{
"name": "DSA-1801",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1801"
},
{
"name": "FEDORA-2009-5275",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html"
},
{
"name": "35308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35308"
},
{
"name": "35253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35253"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.ntp.org/bugs/show_bug.cgi?id=1151"
},
{
"name": "MDVSA-2009:117",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:117"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092"
},
{
"name": "1022243",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022243"
},
{
"name": "35138",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35138"
},
{
"name": "SSA:2009-154-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.566238"
},
{
"name": "FEDORA-2009-5273",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html"
},
{
"name": "SUSE-SR:2009:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "FEDORA-2009-5674",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00293.html"
},
{
"name": "35630",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35630"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.net/bugs/cve/2009-1252"
},
{
"name": "oval:org.mitre.oval:def:11231",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11231"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=499694"
},
{
"name": "35017",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35017"
},
{
"name": "RHSA-2009:1040",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1040.html"
},
{
"name": "FreeBSD-SA-09:11",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc"
},
{
"name": "35416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35416"
},
{
"name": "VU#853097",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/853097"
},
{
"name": "35336",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35336"
},
{
"name": "NetBSD-SA2009-006",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc"
},
{
"name": "RHSA-2009:1039",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1039.html"
},
{
"name": "ADV-2009-1361",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1361"
},
{
"name": "oval:org.mitre.oval:def:6307",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6307"
},
{
"name": "35169",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35169"
},
{
"name": "GLSA-200905-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml"
},
{
"name": "ADV-2009-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-777-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/777-1/"
},
{
"name": "35137",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35137"
},
{
"name": "35166",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35166"
},
{
"name": "37470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37470"
},
{
"name": "35388",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35388"
},
{
"name": "35243",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35243"
},
{
"name": "37471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37471"
},
{
"name": "DSA-1801",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1801"
},
{
"name": "FEDORA-2009-5275",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html"
},
{
"name": "35308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35308"
},
{
"name": "35253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35253"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.ntp.org/bugs/show_bug.cgi?id=1151"
},
{
"name": "MDVSA-2009:117",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:117"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092"
},
{
"name": "1022243",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022243"
},
{
"name": "35138",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35138"
},
{
"name": "SSA:2009-154-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.566238"
},
{
"name": "FEDORA-2009-5273",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html"
},
{
"name": "SUSE-SR:2009:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "FEDORA-2009-5674",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00293.html"
},
{
"name": "35630",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35630"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.net/bugs/cve/2009-1252"
},
{
"name": "oval:org.mitre.oval:def:11231",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11231"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=499694"
},
{
"name": "35017",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35017"
},
{
"name": "RHSA-2009:1040",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1040.html"
},
{
"name": "FreeBSD-SA-09:11",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc"
},
{
"name": "35416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35416"
},
{
"name": "VU#853097",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/853097"
},
{
"name": "35336",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35336"
},
{
"name": "NetBSD-SA2009-006",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc"
},
{
"name": "RHSA-2009:1039",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2009-1039.html"
},
{
"name": "ADV-2009-1361",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1361"
},
{
"name": "oval:org.mitre.oval:def:6307",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6307"
},
{
"name": "35169",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35169"
},
{
"name": "GLSA-200905-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml"
},
{
"name": "ADV-2009-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-777-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/777-1/"
},
{
"name": "35137",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35137"
},
{
"name": "35166",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35166"
},
{
"name": "37470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37470"
},
{
"name": "35388",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35388"
},
{
"name": "35243",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35243"
},
{
"name": "37471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37471"
},
{
"name": "DSA-1801",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1801"
},
{
"name": "FEDORA-2009-5275",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01449.html"
},
{
"name": "35308",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35308"
},
{
"name": "35253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35253"
},
{
"name": "https://support.ntp.org/bugs/show_bug.cgi?id=1151",
"refsource": "CONFIRM",
"url": "https://support.ntp.org/bugs/show_bug.cgi?id=1151"
},
{
"name": "MDVSA-2009:117",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:117"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0092"
},
{
"name": "1022243",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022243"
},
{
"name": "35138",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35138"
},
{
"name": "SSA:2009-154-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.566238"
},
{
"name": "FEDORA-2009-5273",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01414.html"
},
{
"name": "SUSE-SR:2009:011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "FEDORA-2009-5674",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00293.html"
},
{
"name": "35630",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35630"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "https://launchpad.net/bugs/cve/2009-1252",
"refsource": "MISC",
"url": "https://launchpad.net/bugs/cve/2009-1252"
},
{
"name": "oval:org.mitre.oval:def:11231",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11231"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=499694",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=499694"
},
{
"name": "35017",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35017"
},
{
"name": "RHSA-2009:1040",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1040.html"
},
{
"name": "FreeBSD-SA-09:11",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:11.ntpd.asc"
},
{
"name": "35416",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35416"
},
{
"name": "VU#853097",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/853097"
},
{
"name": "35336",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35336"
},
{
"name": "NetBSD-SA2009-006",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-006.txt.asc"
},
{
"name": "RHSA-2009:1039",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1039.html"
},
{
"name": "ADV-2009-1361",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1361"
},
{
"name": "oval:org.mitre.oval:def:6307",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6307"
},
{
"name": "35169",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35169"
},
{
"name": "GLSA-200905-08",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200905-08.xml"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3316"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1252",
"datePublished": "2009-05-19T19:00:00",
"dateReserved": "2009-04-07T00:00:00",
"dateUpdated": "2024-08-07T05:04:49.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8936 (GCVE-0-2019-8936)
Vulnerability from cvelistv5
Published
2019-05-15 15:37
Modified
2024-08-04 21:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
NTP through 4.2.8p12 has a NULL Pointer Dereference.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:37.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201903-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-15"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "openSUSE-SU-2019:1143",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00032.html"
},
{
"name": "openSUSE-SU-2019:1158",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00036.html"
},
{
"name": "FEDORA-2019-b0c7f0d94a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQDNHNYOJK2SRSGO23GQ2RXTOUY2HLNN/"
},
{
"name": "FEDORA-2019-694e3aa4e8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBGXY7OKWOLT6X6JAPVZRFEP4FLCGGST/"
},
{
"name": "FEDORA-2019-f781d5c4c6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NVS2CSG2TQ663CXOZZUJN4STQPMENNP/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190503-0001/"
},
{
"name": "FreeBSD-SA-19:04",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:04.ntp.asc"
},
{
"name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:04.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/May/39"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=3565"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K61363039"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"name": "USN-4563-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4563-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NTP through 4.2.8p12 has a NULL Pointer Dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-07T15:06:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201903-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201903-15"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "openSUSE-SU-2019:1143",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00032.html"
},
{
"name": "openSUSE-SU-2019:1158",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00036.html"
},
{
"name": "FEDORA-2019-b0c7f0d94a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQDNHNYOJK2SRSGO23GQ2RXTOUY2HLNN/"
},
{
"name": "FEDORA-2019-694e3aa4e8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBGXY7OKWOLT6X6JAPVZRFEP4FLCGGST/"
},
{
"name": "FEDORA-2019-f781d5c4c6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NVS2CSG2TQ663CXOZZUJN4STQPMENNP/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190503-0001/"
},
{
"name": "FreeBSD-SA-19:04",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:04.ntp.asc"
},
{
"name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:04.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/May/39"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.ntp.org/show_bug.cgi?id=3565"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K61363039"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"name": "USN-4563-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4563-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NTP through 4.2.8p12 has a NULL Pointer Dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201903-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-15"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice",
"refsource": "MISC",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
},
{
"name": "openSUSE-SU-2019:1143",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00032.html"
},
{
"name": "openSUSE-SU-2019:1158",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00036.html"
},
{
"name": "FEDORA-2019-b0c7f0d94a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQDNHNYOJK2SRSGO23GQ2RXTOUY2HLNN/"
},
{
"name": "FEDORA-2019-694e3aa4e8",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBGXY7OKWOLT6X6JAPVZRFEP4FLCGGST/"
},
{
"name": "FEDORA-2019-f781d5c4c6",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NVS2CSG2TQ663CXOZZUJN4STQPMENNP/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190503-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190503-0001/"
},
{
"name": "FreeBSD-SA-19:04",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:04.ntp.asc"
},
{
"name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:04.ntp",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/May/39"
},
{
"name": "http://bugs.ntp.org/show_bug.cgi?id=3565",
"refsource": "CONFIRM",
"url": "http://bugs.ntp.org/show_bug.cgi?id=3565"
},
{
"name": "http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html"
},
{
"name": "https://support.f5.com/csp/article/K61363039",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K61363039"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"name": "USN-4563-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4563-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-8936",
"datePublished": "2019-05-15T15:37:31",
"dateReserved": "2019-02-19T00:00:00",
"dateUpdated": "2024-08-04T21:31:37.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11868 (GCVE-0-2020-11868)
Vulnerability from cvelistv5
Published
2020-04-17 03:31
Modified
2025-05-05 17:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20200505 [SECURITY] [DLA 2201-1] ntp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00004.html"
},
{
"name": "openSUSE-SU-2020:0934",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"name": "openSUSE-SU-2020:1007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
},
{
"name": "GLSA-202007-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-12"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3592"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1716665"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200424-0002/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-11868",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:13:41.284632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T17:08:18.997Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T22:54:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20200505 [SECURITY] [DLA 2201-1] ntp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00004.html"
},
{
"name": "openSUSE-SU-2020:0934",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"name": "openSUSE-SU-2020:1007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
},
{
"name": "GLSA-202007-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-12"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3592"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1716665"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200424-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20200505 [SECURITY] [DLA 2201-1] ntp security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00004.html"
},
{
"name": "openSUSE-SU-2020:0934",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html"
},
{
"name": "openSUSE-SU-2020:1007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html"
},
{
"name": "GLSA-202007-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-12"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3592",
"refsource": "MISC",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3592"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1716665",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1716665"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200424-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200424-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11868",
"datePublished": "2020-04-17T03:31:05.000Z",
"dateReserved": "2020-04-17T00:00:00.000Z",
"dateUpdated": "2025-05-05T17:08:18.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7183 (GCVE-0-2018-7183)
Vulnerability from cvelistv5
Published
2018-03-08 20:00
Modified
2024-08-05 06:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:11.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201805-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201805-12"
},
{
"name": "FreeBSD-SA-18:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
},
{
"name": "USN-3707-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"name": "USN-3707-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3707-1/"
},
{
"name": "103351",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103351"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3414"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T22:53:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201805-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201805-12"
},
{
"name": "FreeBSD-SA-18:02",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
},
{
"name": "USN-3707-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"name": "USN-3707-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3707-1/"
},
{
"name": "103351",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103351"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.ntp.org/bin/view/Main/NtpBug3414"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201805-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201805-12"
},
{
"name": "FreeBSD-SA-18:02",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
},
{
"name": "USN-3707-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"name": "USN-3707-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3707-1/"
},
{
"name": "103351",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103351"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180626-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_18_13",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3414",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3414"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7183",
"datePublished": "2018-03-08T20:00:00",
"dateReserved": "2018-02-16T00:00:00",
"dateUpdated": "2024-08-05T06:24:11.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}