exploit the possibilities

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 3 of 3

Files from Network Time Foundation

FreeBSD Security Advisory - FreeBSD-SA-17:03.ntp

Posted Apr 12, 2017

Authored by Network Time Foundation | Site security.freebsd.org

FreeBSD Security Advisory - A vulnerability was discovered in the NTP server's parsing of configuration directives. A vulnerability was found in NTP, in the parsing of packets from the DPTS Clock. A vulnerability was discovered in the NTP server's parsing of configuration directives. A vulnerability was found in NTP, affecting the origin timestamp check function. A remote, authenticated attacker could cause ntpd to crash by sending a crafted message. A malicious device could send crafted messages, causing ntpd to crash. An attacker able to spoof messages from all of the configured peers could send crafted packets to ntpd, causing later replies from those peers to be discarded, resulting in denial of service.

tags | advisory, remote, denial of service, spoof

systems | freebsd, bsd

advisories | CVE-2016-9042, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464

SHA-256 | 92abc0111893b4eeb3b063ef449923e64c15b3e5a16cf8dcda93aa8f0dc6e37f

Download | Favorite | View

FreeBSD Security Advisory - FreeBSD-SA-16.39.ntp

Posted Dec 21, 2016

Authored by Network Time Foundation | Site security.freebsd.org

FreeBSD Security Advisory - Multiple vulnerabilities have been discovered in the NTP suite.

tags | advisory, vulnerability

systems | freebsd, bsd

advisories | CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7431

SHA-256 | 33824530cddd9387168daf3f7afeba89dddbc5899597c45b606169369c028f6b

Download | Favorite | View

FreeBSD Security Advisory - FreeBSD-SA-16:02.ntp

Posted Jan 15, 2016

Authored by Network Time Foundation

FreeBSD Security Advisory - The ntpd(8) daemon has a safety feature to prevent excessive stepping of the clock called the "panic threshold". If ever ntpd(8) determines the system clock is incorrect by more than this threshold, the daemon exits. There is an implementation error within the ntpd(8) implementation of this feature, which allows the system time be adjusted in certain circumstances. When ntpd(8) is started with the '-g' option specified, the system time will be corrected regardless of if the time offset exceeds the panic threshold (by default, 1000 seconds). The FreeBSD rc(8) subsystem allows specifying the '-g' option by either including '-g' in the ntpd_flags list or by enabling ntpd_sync_on_start in the system rc.conf(5) file. If at the moment ntpd(8) is restarted, an attacker can immediately respond to enough requests from enough sources trusted by the target, which is difficult and not common, there is a window of opportunity where the attacker can cause ntpd(8) to set the time to an arbitrary value.

tags | advisory, arbitrary

systems | freebsd

advisories | CVE-2015-5300

SHA-256 | 5b686dd5c1094f8df8e568f63282df537867ba1a7462ed0d52244d035dd8943c

Download | Favorite | View