HP Security Bulletin HPSBHF03432 1 - Potential security vulnerabilities have been identified with HPE Networking Comware 5, Comware 5, Low Encryption SW, Comware 7, and VCX, Using NTP. The vulnerabilities could be remotely exploited resulting in resulting in remote access restriction bypass and code execution. Revision 1 of this advisory.
678f73403ca3b8273f6c81a3451515dff3b523d9531d109874052b4d1c0be3a4HP Security Bulletin HPSBOV03505 1 - Potential security vulnerabilities have been identified with the TCP/IP Services for OpenVMS running NTP. These vulnerabilities could be exploited remotely to allow unauthenticated attackers to execute code with the privileges of ntpd or cause a Denial of Service (DoS). Revision 1 of this advisory.
6bb3a5080fcc5cd3fa3ca04240ae84814580d927317fa3a57b6645ecaeda982aHP Security Bulletin HPSBUX03240 SSRT101872 2 - Potential security vulnerabilities have been identified with HP-UX running NTP. These could be exploited remotely to execute code, create a Denial of Service (DoS), or other vulnerabilities. Revision 2 of this advisory.
1f4fd14946b0e379a10db31c1f62663f3c788557aa4411f47f54db8d0cf85d0dMandriva Linux Security Advisory 2015-140 - If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated. ntp-keygen before 4.2.7p230 uses a non-cryptographic random number generator with a weak seed to generate symmetric keys. A remote unauthenticated attacker may craft special packets that trigger buffer overflows in the ntpd functions crypto_recv() (when using autokey authentication), ctl_putdata(), and configure(). The resulting buffer overflows may be exploited to allow arbitrary malicious code to be executed with the privilege of the ntpd process. A section of code in ntpd handling a rare error is missing a return statement, therefore processing did not stop when the error was encountered. This situation may be exploitable by an attacker. Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in ntp_crypto.c, which could lead to information leakage or denial of service. Stephen Roettger of the Google Security Team reported that ACLs based on IPv6 ::1 addresses can be bypassed. The ntp package has been patched to fix these issues.
6c051822021817ac7fc8875977c5ca320de4662ed0ed8219480997118279051dHP Security Bulletin HPSBGN03277 1 - Potential security vulnerabilities have been identified with the NTP service that is present on HP Virtualization Performance Viewer (vPV). These could be exploited remotely to execute code, create a Denial of Service (DoS), and other vulnerabilities. Revision 1 of this advisory.
6f8df7e9e5aa2dc95c49d69acba27bcb4e6053d7c678ab167cb1204eb8443695HP Security Bulletin HPSBPV03266 - Potential security vulnerabilities have been identified with certain HP Networking and H3C switches and routers running NTP. The vulnerabilities could be exploited remotely to allow execution of code, disclosure of information and denial of service (DoS). Revision 1 of this advisory.
1e5b7079d340789f718e38872fb41274da4f974274be3c825c5f3e12ddb930a8HP Security Bulletin HPSBUX03240 SSRT101872 - Potential security vulnerabilities have been identified with HP-UX running NTP. These could be exploited remotely to execute code, create a Denial of Service (DoS), or other vulnerabilities. Revision 1 of this advisory.
abc2b7afc4f8f47e2bf3872b6662dfd3cbd30f380650ada88bbaf256a29a3160Red Hat Security Advisory 2015-0104-01 - The Network Time Protocol is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit.
b1cca658d4b8f1fdf7bcc3b84f7d28ce7411a215dd2e3dc836aab539982213b3EMC M&R (Watch4Net) suffers from heap overflow, remote file upload, insecure cryptographic storage, cross site scripting, ntp-related, java-related, and path traversal vulnerabilities.
7adceeb57a3368887bb1d10e104821dd7f027effb3815bf97aaaae498b047491Mandriva Linux Security Advisory 2015-003 - If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated. ntp-keygen before 4.2.7p230 uses a non-cryptographic random number generator with a weak seed to generate symmetric keys. A remote unauthenticated attacker may craft special packets that trigger buffer overflows in the ntpd functions crypto_recv() (when using autokey authentication), ctl_putdata(), and configure(). The resulting buffer overflows may be exploited to allow arbitrary malicious code to be executed with the privilege of the ntpd process. A section of code in ntpd handling a rare error is missing a return statement, therefore processing did not stop when the error was encountered. This situation may be exploitable by an attacker. The ntp package has been patched to fix these issues.
e84745145e8e44d6f35dc2a132bbaf18a67dbe74926eba9217d0cebc264f9899Gentoo Linux Security Advisory 201412-34 - Multiple vulnerabilities have been found in NTP, the worst of which could result in remote execution of arbitrary code. Versions less than 4.2.8 are affected.
5b5deda4695b2395daea389f9d8700e9e35ad23c665aa66ecf1cb7860ddbcc0cFreeBSD Security Advisory - The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP) used to synchronize the time of a computer system to a reference time source. When no authentication key is set in the configuration file, ntpd(8) would generate a random key that uses a non-linear additive feedback random number generator seeded with very few bits of entropy. The ntp-keygen(8) utility is also affected by a similar issue. When Autokey Authentication is enabled, for example if ntp.conf(5) contains a 'crypto pw' directive, a remote attacker can send a carefully crafted packet that can overflow a stack buffer. In ntp_proto.c, the receive() function is missing a return statement in the case when an error is detected.
7d0a12f077a570a47b07177a5a88f387e10ed75041b9b627e36f0897b24db3e6Cisco Security Advisory - Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code or create a denial of service (DoS) condition. On December 19, 2014, NTP.org and US-CERT released security advisories detailing two issues regarding weak cryptographic pseudorandom number generation (PRNG), three buffer overflow vulnerabilities, and an unhandled error condition with an unknown impact. Cisco will release free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
5dbade7a53bf1ca9ac25f9e8c3be3931a5da81f0c75dd71cb6377e3ee36e48baSlackware Security Advisory - New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
d0c96540c2c6dfe9fed363b2449da9517db44123be1a205a479a83c90011f153Red Hat Security Advisory 2014-2024-01 - The Network Time Protocol is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit.
eedac20f7337d69596f4269af11098d273603b8566ea0c385bf4f50c902ac8d2Ubuntu Security Notice 2449-1 - Neel Mehta discovered that NTP generated weak authentication keys. A remote attacker could possibly use this issue to brute force the authentication key and send requests if permitted by IP restrictions. Stephen Roettger discovered that NTP generated weak MD5 keys. A remote attacker could possibly use this issue to brute force the MD5 key and spoof a client or server. Stephen Roettger discovered that NTP contained buffer overflows in the crypto_recv(), ctl_putdata() and configure() functions. In non-default configurations, a remote attacker could use these issues to cause NTP to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. In addition, attackers would be isolated by the NTP AppArmor profile. Various other issues were also addressed.
286111117445620d8391d69edda43445e28d24c84f9ba29db3f2c41c02f7041cRed Hat Security Advisory 2014-2025-01 - The Network Time Protocol is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit.
d893c268c3f5fe578780698715118fb8eec3d8f487f827ecfb8dfd311d18e52dDebian Linux Security Advisory 3108-1 - Several vulnerabilities were discovered in the ntp package, an implementation of the Network Time Protocol.
5b4a277b0cef718c24dc6753a54c1bc9d8bcce8e71d504884e286af1764624ab
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed