Summary
Detail | |||
---|---|---|---|
Vendor | Ntp | First view | 2009-05-19 |
Product | Ntp | Last view | 2020-06-24 |
Version | 4.2.5p3 | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:ntp:ntp |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
4.9 | 2020-06-24 | CVE-2020-15025 | ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file. |
7.4 | 2020-06-04 | CVE-2020-13817 | ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance. |
7.5 | 2020-04-17 | CVE-2020-11868 | ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp. |
6.5 | 2020-01-28 | CVE-2015-7851 | Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files. |
7.5 | 2019-05-15 | CVE-2019-8936 | NTP through 4.2.8p12 has a NULL Pointer Dereference. |
7.5 | 2018-03-06 | CVE-2018-7185 | The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association. |
5.3 | 2018-03-06 | CVE-2018-7170 | ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549. |
5.3 | 2017-08-24 | CVE-2015-5146 | ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet. |
9.8 | 2017-08-07 | CVE-2015-7871 | Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. |
6.5 | 2017-08-07 | CVE-2015-7855 | The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value. |
8.8 | 2017-08-07 | CVE-2015-7854 | Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file. |
9.8 | 2017-08-07 | CVE-2015-7853 | The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value. |
5.9 | 2017-08-07 | CVE-2015-7852 | ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets. |
6.5 | 2017-08-07 | CVE-2015-7850 | ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file. |
8.8 | 2017-08-07 | CVE-2015-7849 | Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets. |
9.8 | 2017-08-07 | CVE-2015-7705 | The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. |
7.5 | 2017-08-07 | CVE-2015-7704 | The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. |
6.5 | 2017-08-07 | CVE-2015-7702 | The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. |
7.5 | 2017-08-07 | CVE-2015-7701 | Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption). |
7.5 | 2017-08-07 | CVE-2015-7692 | The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. |
7.5 | 2017-08-07 | CVE-2015-7691 | The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. |
7.5 | 2017-07-24 | CVE-2015-7703 | The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command. |
7.5 | 2017-07-21 | CVE-2015-5300 | The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). |
7.5 | 2017-07-21 | CVE-2015-5219 | The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. |
7.5 | 2017-07-21 | CVE-2015-5195 | ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
33% (19) | CWE-20 | Improper Input Validation |
8% (5) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
5% (3) | CWE-476 | NULL Pointer Dereference |
5% (3) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
5% (3) | CWE-287 | Improper Authentication |
5% (3) | CWE-17 | Code |
3% (2) | CWE-362 | Race Condition |
3% (2) | CWE-284 | Access Control (Authorization) Issues |
3% (2) | CWE-254 | Security Features |
3% (2) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
1% (1) | CWE-772 | Missing Release of Resource after Effective Lifetime |
1% (1) | CWE-704 | Incorrect Type Conversion or Cast |
1% (1) | CWE-682 | Incorrect Calculation |
1% (1) | CWE-416 | Use After Free |
1% (1) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
1% (1) | CWE-399 | Resource Management Errors |
1% (1) | CWE-361 | Time and State |
1% (1) | CWE-346 | Origin Validation Error |
1% (1) | CWE-330 | Use of Insufficiently Random Values |
1% (1) | CWE-125 | Out-of-bounds Read |
1% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
1% (1) | CWE-19 | Data Handling |
1% (1) | CWE-18 | Source Code |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
54576 | NTP ntpd/ntp_crypto.c crypto_recv() Function Remote Overflow |
ExploitDB Exploits
id | Description |
---|---|
33073 | NTP ntpd monlist Query Reflection - Denial of Service |
OpenVAS Exploits
id | Description |
---|---|
2011-08-09 | Name : CentOS Update for ntp CESA-2009:1039 centos5 i386 File : nvt/gb_CESA-2009_1039_ntp_centos5_i386.nasl |
2009-12-14 | Name : Fedora Core 11 FEDORA-2009-13090 (ntp) File : nvt/fcore_2009_13090.nasl |
2009-12-14 | Name : Fedora Core 10 FEDORA-2009-13121 (ntp) File : nvt/fcore_2009_13121.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:309 (ntp) File : nvt/mdksa_2009_309.nasl |
2009-10-13 | Name : SLES10: Security update for xntp File : nvt/sles10_xntp.nasl |
2009-10-11 | Name : SLES11: Security update for ntp File : nvt/sles11_ntp.nasl |
2009-10-10 | Name : SLES9: Security update for xntp File : nvt/sles9p5049935.nasl |
2009-08-03 | Name : HP-UX Update for XNTP HPSBUX02437 File : nvt/gb_hp_ux_HPSBUX02437.nasl |
2009-07-29 | Name : Ubuntu USN-805-1 (ruby1.9) File : nvt/ubuntu_805_1.nasl |
2009-06-23 | Name : Fedora Core 11 FEDORA-2009-5674 (ntp) File : nvt/fcore_2009_5674.nasl |
2009-06-15 | Name : FreeBSD Security Advisory (FreeBSD-SA-09:11.ntpd.asc) File : nvt/freebsdsa_ntpd1.nasl |
2009-06-15 | Name : SuSE Security Summary SUSE-SR:2009:011 File : nvt/suse_sr_2009_011.nasl |
2009-06-05 | Name : Fedora Core 9 FEDORA-2009-5275 (ntp) File : nvt/fcore_2009_5275.nasl |
2009-06-05 | Name : Gentoo Security Advisory GLSA 200905-08 (ntp) File : nvt/glsa_200905_08.nasl |
2009-06-05 | Name : Mandrake Security Advisory MDVSA-2009:117 (ntp) File : nvt/mdksa_2009_117.nasl |
2009-06-05 | Name : Fedora Core 10 FEDORA-2009-5273 (ntp) File : nvt/fcore_2009_5273.nasl |
2009-06-05 | Name : Ubuntu USN-776-2 (kvm) File : nvt/ubuntu_776_2.nasl |
2009-06-05 | Name : Ubuntu USN-777-1 (ntp) File : nvt/ubuntu_777_1.nasl |
2009-05-25 | Name : FreeBSD Ports: ntp File : nvt/freebsd_ntp.nasl |
2009-05-25 | Name : CentOS Security Advisory CESA-2009:1039 (ntp) File : nvt/ovcesa2009_1039.nasl |
2009-05-25 | Name : Debian Security Advisory DSA 1801-1 (ntp) File : nvt/deb_1801_1.nasl |
2009-05-22 | Name : NTP 'ntpd' Autokey Stack Overflow Vulnerability File : nvt/secpod_ntp_bof_vuln_may09.nasl |
2009-05-20 | Name : RedHat Security Advisory RHSA-2009:1040 File : nvt/RHSA_2009_1040.nasl |
2009-05-20 | Name : RedHat Security Advisory RHSA-2009:1039 File : nvt/RHSA_2009_1039.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-154-01 ntp File : nvt/esoft_slk_ssa_2009_154_01.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2015-A-0041 | Multiple Vulnerabilities in Network Time Protocol (NTP) Severity: Category I - VMSKEY: V0058907 |
Snort® IPS/IDS
Date | Description |
---|---|
2018-05-22 | Multiple Vendors NTP zero-origin timestamp denial of service attempt RuleID : 46387 - Type : SERVER-OTHER - Revision : 3 |
2018-05-23 | SSDP M-SEARCH ssdp-all potential amplified distributed denial-of-service attempt RuleID : 45157-community - Type : SERVER-OTHER - Revision : 4 |
2018-01-11 | SSDP M-SEARCH ssdp-all potential amplified distributed denial-of-service attempt RuleID : 45157 - Type : SERVER-OTHER - Revision : 4 |
2017-01-04 | ntpd mrulist control message command null pointer dereference attempt RuleID : 40897 - Type : SERVER-OTHER - Revision : 3 |
2016-12-29 | ntpd mrulist control message command null pointer dereference attempt RuleID : 40864 - Type : SERVER-OTHER - Revision : 3 |
2016-12-29 | ntpd mrulist control message command null pointer dereference attempt RuleID : 40863 - Type : SERVER-OTHER - Revision : 3 |
2016-12-29 | ntpd mrulist control message command null pointer dereference attempt RuleID : 40862 - Type : SERVER-OTHER - Revision : 3 |
2016-12-29 | ntpd mrulist control message command null pointer dereference attempt RuleID : 40861 - Type : SERVER-OTHER - Revision : 3 |
2016-12-29 | ntpd mrulist control message command null pointer dereference attempt RuleID : 40860 - Type : SERVER-OTHER - Revision : 3 |
2016-12-29 | ntpd mrulist control message command null pointer dereference attempt RuleID : 40859 - Type : SERVER-OTHER - Revision : 3 |
2016-12-29 | ntpd mrulist control message command null pointer dereference attempt RuleID : 40858 - Type : SERVER-OTHER - Revision : 3 |
2016-12-29 | ntpd mrulist control message command null pointer dereference attempt RuleID : 40857 - Type : SERVER-OTHER - Revision : 3 |
2016-12-29 | ntpd mrulist control message command null pointer dereference attempt RuleID : 40856 - Type : SERVER-OTHER - Revision : 3 |
2016-12-29 | ntpd mrulist control message command null pointer dereference attempt RuleID : 40855 - Type : SERVER-OTHER - Revision : 3 |
2016-12-20 | NTP origin timestamp denial of service attempt RuleID : 40811 - Type : SERVER-OTHER - Revision : 4 |
2016-03-14 | NTP crypto-NAK possible DoS attempt RuleID : 37843 - Type : SERVER-OTHER - Revision : 4 |
2016-03-14 | NTP arbitrary pidfile and driftfile overwrite attempt RuleID : 37526 - Type : SERVER-OTHER - Revision : 3 |
2016-03-14 | NTP arbitrary pidfile and driftfile overwrite attempt RuleID : 37525 - Type : SERVER-OTHER - Revision : 4 |
2016-03-14 | NTP decodenetnum assertion failure denial of service attempt RuleID : 36633 - Type : SERVER-OTHER - Revision : 3 |
2016-03-14 | NTP decodenetnum assertion failure denial of service attempt RuleID : 36632 - Type : SERVER-OTHER - Revision : 3 |
2016-03-14 | NTP crypto-NAK packet flood attempt RuleID : 36536 - Type : SERVER-OTHER - Revision : 5 |
2015-10-01 | ntpd saveconfig directory traversal attempt RuleID : 36253 - Type : SERVER-OTHER - Revision : 5 |
2015-10-01 | ntpd remote configuration denial of service attempt RuleID : 36252 - Type : SERVER-OTHER - Revision : 4 |
2015-10-01 | ntpq atoascii memory corruption attempt RuleID : 36251 - Type : SERVER-OTHER - Revision : 4 |
2015-10-01 | ntpd keyfile buffer overflow attempt RuleID : 36250 - Type : SERVER-OTHER - Revision : 4 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-e585e25b72.nasl - Type: ACT_GATHER_INFO |
2018-09-20 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1083.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0003.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0010.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-1_0-0167.nasl - Type: ACT_GATHER_INFO |
2018-05-29 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201805-12.nasl - Type: ACT_GATHER_INFO |
2018-05-11 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2018-1009.nasl - Type: ACT_GATHER_INFO |
2018-05-11 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1009.nasl - Type: ACT_GATHER_INFO |
2018-04-10 | Name: The remote device is missing a vendor-supplied security patch. File: cisco-sa-20150408-ntpd-ios.nasl - Type: ACT_GATHER_INFO |
2018-04-10 | Name: The remote device is missing a vendor-supplied security patch. File: cisco-sa-20150408-ntpd-iosxe.nasl - Type: ACT_GATHER_INFO |
2018-03-09 | Name: The remote NTP server is affected by multiple vulnerabilities. File: ntp_4_2_8p11.nasl - Type: ACT_GATHER_INFO |
2018-03-02 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2018-060-02.nasl - Type: ACT_GATHER_INFO |
2018-02-28 | Name: The version of Arista Networks EOS running on the remote device is affected b... File: arista_eos_sa0019.nasl - Type: ACT_GATHER_INFO |
2018-02-28 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_af485ef41c5811e88477d05099c0ae8c.nasl - Type: ACT_GATHER_INFO |
2018-01-03 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL17114.nasl - Type: ACT_GATHER_INFO |
2017-12-28 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL99254031.nasl - Type: ACT_GATHER_INFO |
2017-12-07 | Name: The remote host is potentially affected by multiple NTP client vulnerabilities. File: check_point_gaia_sk103825.nasl - Type: ACT_GATHER_INFO |
2017-10-27 | Name: The remote OracleVM host is missing one or more security updates. File: oraclevm_OVMSA-2017-0165.nasl - Type: ACT_GATHER_INFO |
2017-10-23 | Name: The remote device is affected by multiple vulnerabilities. File: juniper_space_jsa_10826.nasl - Type: ACT_GATHER_INFO |
2017-10-03 | Name: The remote host is missing a macOS update that fixes multiple security vulner... File: macos_10_13.nasl - Type: ACT_GATHER_INFO |
2017-08-09 | Name: The remote AIX host has a version of NTP installed that is affected by multip... File: aix_ntp_v3_advisory4.nasl - Type: ACT_GATHER_INFO |
2017-08-09 | Name: The remote AIX host has a version of NTP installed that is affected by multip... File: aix_ntp_v4_advisory4.nasl - Type: ACT_GATHER_INFO |
2017-08-09 | Name: The remote AIX host has a version of NTP installed that is affected by a data... File: aix_ntp_v4_advisory5.nasl - Type: ACT_GATHER_INFO |
2017-08-03 | Name: The remote AIX host has a version of NTP installed that is affected by multip... File: aix_ntp_v3_advisory7.nasl - Type: ACT_GATHER_INFO |
2017-08-03 | Name: The remote AIX host has a version of NTP installed that is affected by multip... File: aix_ntp_v3_advisory8.nasl - Type: ACT_GATHER_INFO |